CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Yearly Trend
Top Affected Vendors
All Improper Authentication CVEs (732)
Mar 3, 2026: OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx callback endpoint. Any unauthenticated visitor ca...
Feb 25, 2026: This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows unauthenticated remote attackers to gain admi...
Feb 3, 2026: CVE-2025-70841 allows unauthenticated attackers to access the .env configuration file in Dokans Multi-Tenancy eCommerce Platform, exposing sensitive c...
Dec 17, 2025: This critical vulnerability in Step CA allows attackers to bypass authorization checks in ACME or SCEP provisioners, enabling unauthorized certificate...
Nov 19, 2025: This vulnerability allows attackers to bypass authentication on Itel DAB Encoder devices by reusing a valid JWT token from one device to gain administ...
Nov 18, 2025: This vulnerability allows attackers to bypass authentication on Itel DAB Gateway devices by reusing a valid JWT token from one device to gain administ...
Sep 4, 2025: This critical vulnerability in Azure Entra ID (formerly Azure Active Directory) allows attackers to elevate privileges to Global Administrator level. ...
Jul 28, 2025: CVE-2025-54419 is a critical authentication bypass vulnerability in Node-SAML library versions 5.0.1 and earlier. It allows attackers to modify authen...
Jun 24, 2025: This CVE describes an authentication bypass vulnerability in Quest KACE Systems Management Appliance that allows attackers to impersonate legitimate u...
May 8, 2025: This vulnerability allows authenticated users with limited permissions in Arista CloudVision Portal to perform unauthorized actions on managed EOS dev...
Apr 29, 2025: CVE-2025-46348 is an authentication bypass vulnerability in YesWiki that allows unauthenticated attackers to trigger and download site backups. The pr...
Jun 13, 2024: Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier contain an improper authentication vulnerability that allows attackers to bypas...
Mar 18, 2024: CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized access to systems without valid credentials. This ...
May 18, 2023: This vulnerability allows unauthorized users to bypass authentication in OpenBlue Enterprise Manager Data Collector under certain circumstances. It af...
Apr 27, 2023: This vulnerability allows remote attackers to gain superuser access to GajShield Data Security Firewall devices using default credentials. Attackers c...
Mar 8, 2023: This vulnerability allows unauthenticated remote attackers to bypass authentication and access the Supervisor API in Home Assistant, potentially gaini...
Jul 6, 2022: CVE-2022-31125 is an authentication bypass vulnerability in Roxy-wi web interface that allows unauthenticated remote attackers to access administrativ...
May 28, 2021: CVE-2021-32637 is an authentication bypass vulnerability in Authelia that allows attackers to bypass SSO authentication by sending malformed HTTP requ...
Apr 23, 2021: CVE-2021-22893 is an authentication bypass vulnerability in Pulse Connect Secure that allows unauthenticated attackers to execute arbitrary code on th...
Jan 14, 2025: CVE-2025-0070 is an authentication bypass vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform that allows authenticated attac...
Apr 25, 2024: This vulnerability in Eazy Plugin Manager for WordPress allows attackers with subscriber-level access to bypass authentication and update arbitrary pl...
Aug 14, 2023: CVE-2023-40020 is an authentication bypass vulnerability in PrivateUploader that allows non-admin users to execute admin-only API endpoints. The vulne...
Jun 29, 2023: CVE-2023-33190 is a critical RBAC misconfiguration vulnerability in Sealos that allows attackers to gain full cluster control permissions. This enable...
Mar 14, 2023: CVE-2023-23857 is an authentication bypass vulnerability in SAP NetWeaver AS for Java that allows unauthenticated attackers to access sensitive naming...
Feb 25, 2026: This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Manager allows unauthenticated remote attackers to gain netadmin privileges...
Feb 11, 2026: METIS WIC devices with firmware versions up to oscore 2.1.234-r18 expose an unauthenticated web-based shell at the /console endpoint. This allows remo...
Feb 10, 2026: This authentication bypass vulnerability in Apache Druid allows attackers to gain unauthorized access by exploiting LDAP anonymous bind configurations...
Jan 23, 2026: CVE-2022-25369 is an authentication bypass vulnerability in Dynamicweb CMS that allows unauthenticated attackers to create new administrator accounts....
Jan 14, 2026: This vulnerability allows unauthenticated remote attackers to bypass multi-factor authentication requirements in an Orchestrator service, enabling the...
Jan 14, 2026: This critical authentication bypass vulnerability in BLUVOYIX allows unauthenticated attackers to send crafted HTTP requests to backend APIs and gain ...
Jan 7, 2026: An authentication bypass vulnerability in Tarkov Data Manager allows unauthenticated attackers to gain full admin access by exploiting JavaScript prot...
Jan 6, 2026: A critical authentication bypass vulnerability in wolfSSH's key exchange state machine allows attackers to manipulate the authentication process. This...
Jan 6, 2026: Blue Access Cobalt v02.000.195 has an authentication bypass vulnerability that allows attackers to proxy requests and access web application functiona...
Dec 30, 2025: This vulnerability allows attackers to bypass authentication in RustFS by using a hardcoded static token that is publicly exposed in the source code. ...
Dec 29, 2025: A critical authentication bypass vulnerability in Fossorial Pangolin's 2FA component allows remote attackers to escalate privileges without proper aut...
Dec 17, 2025: An authentication misconfiguration in DriveLock Enterprise Service (DES) allows attackers to impersonate any DriveLock agent on the network. This affe...
Dec 9, 2025: FreePBX Endpoint Manager versions before 16.0.44 and 17.0.23 contain an authentication bypass vulnerability when using webserver authentication. Attac...
Dec 3, 2025: CVE-2025-64055 is an authentication bypass vulnerability in Fanvil x210 V2 IP phones that allows unauthenticated attackers on the local network to acc...
Nov 19, 2025: This vulnerability allows attackers to bypass authentication on Newtec Celox UHD satellite modems by forging responses during login. Attackers can gai...
Nov 19, 2025: This vulnerability allows unauthenticated attackers to change all user passwords (Admin, Operator, User) on R.V.R Elettronica TEX devices by sending a...
Nov 13, 2025: This vulnerability in ZITADEL identity management platform allows unauthenticated attackers to bypass organization security controls and perform accou...
Oct 29, 2025: This vulnerability allows attackers to bypass multi-factor authentication (MFA) in Zitadel by targeting only the TOTP code without requiring password ...
Oct 24, 2025: CVE-2025-43995 is an authentication bypass vulnerability in Dell Storage Manager that allows unauthenticated remote attackers to access protected APIs...
Oct 22, 2025: TM2 Monitoring v3.04 contains an authentication bypass vulnerability that allows attackers to access the system without valid credentials, combined wi...
Oct 22, 2025: CVE-2025-41108 allows attackers to gain full unauthorized control of Ghost Robotics Vision 60 robots by impersonating legitimate control stations. Thi...
Oct 21, 2025: CVE-2025-60772 is an authentication bypass vulnerability in NETLINK HG322G GPON ONT devices that allows unauthenticated attackers to gain administrati...
Oct 21, 2025: An improper host authentication vulnerability in wolfSSH clients up to version 1.4.20 allows attackers to bypass authentication and potentially leak c...
Oct 14, 2025: An authentication bypass vulnerability in FactoryTalk View Machine Edition's Web Browser ActiveX control allows attackers to gain unauthorized access ...
Oct 5, 2025: This critical vulnerability in Oracle E-Business Suite's Concurrent Processing component allows unauthenticated attackers to remotely execute arbitrar...
Sep 9, 2025: The Amp'ed RF BT-AP 111 Bluetooth access point's HTTP admin interface lacks authentication, allowing anyone with network access to gain administrative...
About Improper Authentication (CWE-287)
Our database tracks 732 CVEs classified as CWE-287, with 321 rated critical and 295 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.
External reference: View CWE-287 on MITRE CWE →