CVE-2025-26343

HIGH Year: 2025
CVSS v3 Score
8.1
High
Weakness Type
CWE-1390
View all →

Vulnerability Description

A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests.

Related Vulnerabilities

CVE-2025-23058

HIGH
CVSS:8.1(High)

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to ...

CWE-13902025

CVE-2023-4094

HIGH
CVSS:8.2(High)

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In add...

CWE-13902023

CVE-2024-52541

HIGH
CVSS:8.2(High)

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CWE-13902024

CVE-2025-1293

HIGH
CVSS:8.2(High)

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fix...

CWE-13902025

CVE-2024-49019

HIGH
CVSS:7.8(High)

Active Directory Certificate Services Elevation of Privilege Vulnerability

CWE-13902024

CVE-2022-45860

HIGH
CVSS:7.5(High)

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registrat...

CWE-13902022