CWE-1390 · Weak Authentication
81 CVEs classified under CWE-1390 (Weak Authentication). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-30412 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2025-30411 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2026-6274 | Critical | 9.8 | 2026-06-05 | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline… |
| CVE-2026-6886 | Critical | 9.8 | 2026-04-23 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attacke… |
| CVE-2026-28710 | Critical | 9.8 | 2026-03-06 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows… |
| CVE-2025-40554 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific a… |
| CVE-2025-40552 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute acti… |
| CVE-2023-53894 | Critical | 9.8 | 2025-12-16 | phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. At… |
| CVE-2025-63807 | Critical | 9.8 | 2025-11-20 | An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code g… |
| CVE-2025-12871 | Critical | 9.8 | 2025-11-12 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and us… |
| CVE-2025-12870 | Critical | 9.8 | 2025-11-12 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administr… |
| CVE-2025-39596 | Critical | 9.8 | 2025-04-17 | Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation. This issue affects Quentn WP: from n/a through <= 1.2.8. |
| CVE-2024-54092 | Critical | 9.8 | 2025-04-08 | A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Indust… |
| CVE-2025-1387 | Critical | 9.8 | 2025-02-17 | Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. |
| CVE-2024-13239 | Critical | 9.8 | 2025-01-09 | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): fro… |
| CVE-2023-49340 | Critical | 9.8 | 2024-03-09 | An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authe… |
| CVE-2022-43400 | Critical | 9.8 | 2022-10-21 | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applicati… |
| CVE-2026-27478 | Critical | 9.1 | 2026-03-11 | Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog… |
| CVE-2024-45367 | Critical | 9.1 | 2024-10-03 | The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a pa… |
| CVE-2024-39848 | Critical | 9.1 | 2024-06-29 | Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws… |