A flaw exists in the Windows login flow where an AuthContext token can
be exploited for replay attacks and authentication bypass.
An authentication bypass vulnerability could allow an attacker to access API functions without authentication.
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an
unauthorized user without permission rights has physical access to the EPAS-UI computer and is a
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-bas
A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side p
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.
An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensitive information and executearbitrary code via the lack of authentication mechanisms
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/co
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revok
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface
when someone on the local network repeatedly requests the /accessdenied URL.
Identity authentication bypass vulnerability in the window module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts
A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced A
The vulnerability could be remotely exploited to bypass authentication.
A flaw in Gliffy results in broken authentication through the reset functionality of the application.
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication b
Page 1+ Next →