CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (769)
Dell PowerProtect Data Manager DM5500 appliances running version 5.14.0.0 and earlier contain an improper authentication vulnerability (CWE-287). Remo... (Dec 4, 2023)
This vulnerability allows authentication bypass in PingFederate's Identifier First Adapter when configured in a specific, non-recommended way. Attacke... (Oct 25, 2023)
This vulnerability in Teltonika's Remote Management System allows attackers who obtain a device's serial number and MAC address to authenticate as tha... (May 22, 2023)
This vulnerability allows unauthenticated attackers to bypass authentication in the OTP Login Woocommerce & Gravity Forms WordPress plugin by obtainin... (May 17, 2023)
This vulnerability in Apache OpenMeetings allows attackers with access to certain private information to impersonate other users. It affects Apache Op... (May 12, 2023)
This vulnerability in Nexx Smart Home devices allows any user to register an already registered alarm or associated device using only the device's MAC... (Apr 4, 2023)
CVE-2022-42951 is an authentication bypass vulnerability in Couchbase Server that allows attackers to connect to the cluster manager using default cre... (Feb 6, 2023)
This CVE describes an authentication bypass vulnerability in L2Blocker network security devices. An adjacent attacker can bypass login authentication ... (Jun 27, 2022)
This vulnerability allows attackers to bypass DUO multi-factor authentication in Splunk Enterprise, enabling unauthorized access to protected Splunk i... (May 6, 2022)
This vulnerability allows remote unauthenticated attackers to bypass authentication on affected Mitsubishi Electric PLCs by replaying eavesdropped pas... (Apr 1, 2022)
Wiki.js versions before 2.5.274 contain an improper authentication vulnerability (CWE-287) where authenticated users with write access to restricted p... (Feb 22, 2022)
This vulnerability allows any authenticated user in eLabFTW to gain access to arbitrary accounts by setting a specially crafted email address. It affe... (Dec 16, 2021)
CVE-2021-41265 is an authentication bypass vulnerability in Flask-AppBuilder's REST API that allows attackers to craft malicious requests to gain unau... (Dec 9, 2021)
CVE-2021-36306 is an authentication bypass vulnerability in Dell Networking OS10's RESTCONF API that allows remote unauthenticated attackers to gain u... (Nov 20, 2021)
This vulnerability in the Registration Forms WordPress plugin allows unauthenticated attackers to log in as any user by knowing their user ID or usern... (Nov 8, 2021)
CVE-2021-31520 is a session token authentication bypass vulnerability in Trend Micro IM Security that allows remote attackers to guess administrators'... (May 10, 2021)
This vulnerability allows Windows domain users to bypass authentication in Devolutions Server, potentially gaining unauthorized access. It affects org... (Apr 1, 2021)
A path traversal vulnerability in NETGEAR WiFi range extenders allows authenticated LAN attackers to access sensitive webproc files containing router ... (Jan 13, 2026)
This CVE describes an authentication bypass vulnerability in NETGEAR WiFi range extenders that allows attackers on the same network to access the admi... (Jan 13, 2026)
This vulnerability allows attackers within Bluetooth range to connect to a Samsung device's mobile hotspot without authentication. It affects Samsung ... (Feb 6, 2024)
This vulnerability allows attackers to impersonate legitimate users by exploiting improper authentication mechanisms. Attackers can use cookie headers... (Oct 19, 2023)
This vulnerability allows an authenticated attacker on the local network to perform server-side request forgery (SSRF) attacks against other agent com... (Jan 3, 2022)
CVE-2021-25910 is an improper authentication vulnerability in ZIV AUTOMATION 4CCT-EA6-334126BF devices where the cookie parameter can be manipulated t... (Jan 29, 2021)
An authentication bypass vulnerability in NETGEAR Orbi routers allows local network users to access the administrative web interface without credentia... (Jan 13, 2026)
This CVE describes a local privilege escalation vulnerability in macOS where improper authentication allows a local attacker to gain elevated privileg... (Oct 15, 2025)
This vulnerability in whuan132 AIBattery up to version 1.0.9 allows local attackers to bypass authentication in the AIBatteryHelper component. Attacke... (Sep 18, 2025)
This vulnerability allows local attackers to bypass authentication in the batteryKid application's privilege helper component on macOS. Attackers can ... (Sep 2, 2025)
This vulnerability allows local attackers to bypass biometric and PIN authentication in Two App Studio Journey 5.5.6 on iOS through brute-force attack... (Jul 21, 2025)
An improper authentication vulnerability in QNAP QHora routers allows attackers with local network access to bypass authentication mechanisms and comp... (Jun 6, 2025)
This vulnerability allows an authenticated attacker to elevate privileges within Windows Virtualization-Based Security (VBS) enclaves, potentially byp... (Dec 12, 2024)
This vulnerability allows low-privileged users in Veeam Backup & Replication to modify Multi-Factor Authentication settings and bypass MFA protection.... (Sep 7, 2024)
A local privilege escalation vulnerability in Lenovo PC Manager allows attackers to gain elevated system privileges. This affects users running vulner... (Jul 31, 2024)
This vulnerability allows local attackers with physical access to bypass UART authentication on Vonage Box Telephone Adapter devices. Attackers can re... (Dec 5, 2023)
This vulnerability allows a locally authenticated attacker with low privileges to bypass authentication mechanisms through insecure inter-process comm... (Nov 3, 2023)
This vulnerability allows attackers to bypass authentication in Qualcomm Snapdragon chipsets by exploiting improper timeout-based verification in iden... (Jun 14, 2022)
CVE-2022-31011 is an authentication bypass vulnerability in TiDB 5.3.0 that allows attackers to construct malicious authentication requests to gain un... (May 31, 2022)
VeryFitPro mobile app versions 3.2.8 and earlier hash passwords locally and transmit those hashes to authenticate with backend APIs. This allows attac... (Apr 25, 2022)
This vulnerability allows authenticated users to bypass face authentication on affected Qualcomm Snapdragon devices due to improper secure memory clea... (Apr 1, 2022)
This Linux kernel vulnerability allows a local unprivileged user to write to file handlers in the cgroups subsystem, potentially leading to system cra... (Mar 23, 2022)
Acer QuickAccess software contains a local privilege escalation vulnerability where unprivileged users can communicate with a system service via an in... (Mar 10, 2022)
CVE-2022-0492 is a Linux kernel vulnerability in the cgroups v1 release_agent feature that allows local attackers to escalate privileges and escape co... (Mar 3, 2022)
CVE-2021-22796 is an authentication bypass vulnerability in Schneider Electric's C-Bus Toolkit and C-Gate Server that allows attackers to upload malic... (Feb 11, 2022)
CVE-2022-22990 is an authentication bypass vulnerability in Western Digital My Cloud devices that allows attackers to bypass limited authentication ch... (Jan 13, 2022)
This vulnerability allows an authenticated user with local access to potentially escalate privileges on affected Intel NUC systems. It affects users o... (Nov 17, 2021)
CVE-2021-41286 is an authentication bypass vulnerability in Omikron MultiCash Desktop where password validation occurs client-side. Attackers can mani... (Oct 5, 2021)
This vulnerability allows attackers to bypass discretionary access controls on Windows systems running vulnerable versions of the ChromeOS Readiness T... (Sep 8, 2021)
This authentication bypass vulnerability in Brocade Fabric OS allows attackers to log in with empty or invalid passwords via telnet, SSH, and REST int... (Aug 12, 2021)
This vulnerability allows an unauthenticated attacker with local code execution capability to tamper with the micro-service API in Acronis True Image ... (Aug 5, 2021)
This vulnerability allows unauthenticated attackers to gain administrator access to Zyxel NBG2105 routers by setting a login cookie value to 1. It aff... (Jan 26, 2021)
This vulnerability allows attackers to bypass authentication in Guangzhou Hongfan Technology's iOffice20 software through a logical flaw, enabling una... (Mar 21, 2025)
About Improper Authentication (CWE-287)
Our database tracks 769 CVEs classified as CWE-287, with 341 rated critical and 312 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.
External reference: CWE-287 on MITRE CWE