CWE-1390
All CWE-1390 CVEs (31)
CVE-2025-30412 allows attackers to bypass authentication mechanisms in Acronis Cyber Protect, potentially leading to unauthorized access, sensitive da...
Feb 20, 2026

SolarWinds Web Help Desk contains an authentication bypass vulnerability that allows attackers to execute privileged actions without valid credentials...
Jan 28, 2026

SolarWinds Web Help Desk contains an authentication bypass vulnerability that allows attackers to execute specific actions without proper credentials....
Jan 28, 2026

CVE-2025-12870 is an authentication abuse vulnerability in a+HRD software developed by aEnrich that allows unauthenticated remote attackers to send cr...
Nov 12, 2025

CVE-2025-12871 is an authentication abuse vulnerability in a+HRD software that allows unauthenticated remote attackers to craft administrator access t...
Nov 12, 2025

This vulnerability allows unauthenticated remote attackers to bypass authentication on specific API endpoints when identity federation is configured, ...
Apr 8, 2025

A weak authentication vulnerability in Drupal's Two-factor Authentication (TFA) module allows attackers to bypass 2FA protections and gain unauthorize...
Jan 9, 2025

This vulnerability allows authentication bypass in Internet2 Grouper when LDAP authentication is configured in certain ways, potentially enabling unau...
Jun 29, 2024

This vulnerability allows attackers to bypass weak authentication mechanisms in multiple Fortinet products via brute-force attacks, potentially leadin...
Jan 14, 2025

This vulnerability in Microsoft Dynamics 365 allows unauthenticated attackers to bypass authentication mechanisms and gain elevated privileges over th...
Jul 31, 2024

A weak authentication vulnerability in Drupal's Email TFA module allows attackers to brute force two-factor authentication codes. This affects Drupal ...
Mar 31, 2025

This vulnerability allows attackers to bypass authentication on Netgear WNR614 JNR1010V2 N300 routers and access the administrative interface. Attacke...
Jun 7, 2024

This vulnerability allows attackers to gain administrative access to SinoTrack GPS device management interfaces using default credentials that cannot ...
Jun 12, 2025

CVE-2025-1293 is an authentication bypass vulnerability in Hermes versions up to 0.4.0 that improperly validates AWS ALB JWTs, potentially allowing un...
Feb 20, 2025

Dell Client Platform BIOS contains a weak authentication vulnerability that allows high-privileged attackers with local access to elevate their privil...
Feb 19, 2025

CVE-2026-28710 allows attackers to access and manipulate sensitive information in Acronis Cyber Protect 17 due to improper authentication. This affect...
Mar 6, 2026

A weak authentication vulnerability in Fortinet FortiPAM and FortiSwitchManager allows attackers to execute unauthorized code or commands via speciall...
Oct 14, 2025

This vulnerability allows attackers to send malicious brake control commands to train End-of-Train and Head-of-Train devices using software-defined ra...
Jul 10, 2025

This vulnerability allows unauthenticated remote attackers to brute-force user PINs in Q-Free MaxTime parking management systems via crafted HTTP requ...
Feb 12, 2025

CVE-2025-50173 is a Windows Installer vulnerability where weak authentication mechanisms allow authenticated attackers to escalate privileges locally....
Aug 12, 2025

This vulnerability allows attackers to perform brute-force attacks against Fortinet management platforms due to weak authentication mechanisms. Succes...
Jan 16, 2025

This vulnerability in Microsoft Dynamics 365 Business Central allows authenticated attackers to elevate their privileges within the application. It af...
Jun 11, 2024

This vulnerability allows unauthorized access to Private Browsing tabs in Apple iOS/iPadOS without proper authentication. It affects users of iOS and ...
Sep 15, 2025

This vulnerability in Oracle JD Edwards EnterpriseOne Orchestrator allows authenticated attackers with low privileges to access sensitive data via HTT...
Jan 21, 2025

This vulnerability in the goTenna Pro App allows attackers to inject forged messages with arbitrary group IDs and callsigns into goTenna mesh networks...
Sep 26, 2024

The goTenna Pro ATAK Plugin vulnerability allows attackers to inject forged messages with arbitrary group IDs and callsigns into goTenna mesh networks...
Sep 26, 2024

The /n software IPWorks SSH library's SFTPServer component can be tricked into accessing unintended filesystem or network paths when loading SSH publi...
Jul 8, 2024

A weak authentication vulnerability in AresIT WP Compress WordPress plugin allows attackers to bypass authentication mechanisms and gain unauthorized ...
Jul 4, 2025

This vulnerability allows remote authenticated attackers to bypass authentication controls in Ivanti Endpoint Manager (EPM) and access restricted func...
Sep 10, 2024

This vulnerability in Quay allows attackers who obtain an application's client ID to use OAuth tokens for authentication, potentially accessing applic...
Jun 12, 2024

A vulnerability in DataMosaix Private Cloud allows attackers to bypass multi-factor authentication during setup and obtain valid login tokens without ...
Nov 11, 2025

About CWE-1390
Our database tracks 31 CVEs classified as CWE-1390, with 10 rated critical and 12 rated high severity. The average CVSS score for CWE-1390 vulnerabilities is 8.0.
External reference: View CWE-1390 on MITRE CWE →