CVEs classified under CWE-308, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-49075 — CVSS 8.4 (high): The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable…
CVE-2026-45749 — CVSS 8.1 (high): Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST…
CVE-2025-42959 — CVSS 8.1 (high): An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system…
CVE-2024-47652 — CVSS 8.1 (high): This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module…
CVE-2024-27928: vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6…
CVE-2026-56022 — CVSS 5.3 (medium): Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of…
CVE-2023-25681 — CVSS 5.3 (medium): LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM…
CVE-2023-34228 — CVSS 5.3 (medium): In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVE-2024-50618 — CVSS 4.3 (medium): A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to…
CVE-2026-33550 — CVSS 2.0 (low): SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20…