CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (774)
This vulnerability allows unauthenticated attackers to gain administrator access to Zyxel NBG2105 routers by setting a login cookie value to 1. It aff...
Jan 26, 2021

This vulnerability allows attackers to bypass authentication in Guangzhou Hongfan Technology's iOffice20 software through a logical flaw, enabling una...
Mar 21, 2025

This vulnerability allows attackers to bypass Windows authentication by exploiting AuthContext tokens in replay attacks. It affects Windows systems wi...
Mar 13, 2025

An improper authentication vulnerability in GitHub Enterprise Server allows unauthorized users to modify other users' secret gists by authenticating t...
Apr 7, 2023

This vulnerability allows attackers to bypass authentication in Atlassian Connect Express (ACE) by sending context JWTs to lifecycle endpoints where o...
Apr 16, 2021

This vulnerability allows attackers to bypass two-factor authentication in Nagios Fusion by brute-forcing OTP codes due to insufficient rate limiting....
Oct 27, 2025

This vulnerability allows unauthorized devices to bypass authentication and access distributed camera functions without user consent. It affects Huawe...
Jul 7, 2025

CVE-2024-28992 is a directory traversal and information disclosure vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attac...
Jul 17, 2024

This vulnerability in Delinea PAM Secret Server allows users with 'Administer Reports' permission or those in UNLIMITED ADMIN MODE to gain unauthorize...
Mar 14, 2024

This vulnerability in Strapi allows malicious users to modify private fields in their user records during registration. It affects all Strapi instance...
Nov 6, 2023

CVE-2025-68931 is a cryptographic vulnerability in Jervis library versions before 2.2 where AES/CBC/PKCS5Padding lacks authentication, enabling paddin...
Jan 13, 2026

This vulnerability allows attackers to bypass authentication mechanisms in Broadcom DX NetOps Spectrum, potentially gaining unauthorized access to net...
Jan 12, 2026

This authentication bypass vulnerability in Revotech I6032W-FHW devices allows attackers to access sensitive information and escalate privileges witho...
Jan 2, 2026

An improper authentication vulnerability in TP-Link WA850RE Wi-Fi range extenders allows unauthenticated attackers to download the device configuratio...
Dec 18, 2025

This vulnerability in Memos note-taking service allows attackers to maintain access to compromised accounts even after users change their passwords. A...
Nov 14, 2025

This vulnerability allows incoming FaceTime calls to appear or be accepted on locked macOS devices even when lock screen notifications are disabled. T...
Sep 15, 2025

CVE-2025-55171 is an authentication bypass vulnerability in WeGIA web management software that allows unauthenticated attackers to delete arbitrary im...
Aug 12, 2025

The Customer Email Verification for WooCommerce WordPress plugin has an authentication bypass vulnerability that allows authenticated attackers with C...
Feb 12, 2025

This vulnerability allows attackers to forge JWT tokens for any user in macrozheng mall-tiny 1.0.1, enabling complete authentication bypass. Attackers...
Jan 31, 2025

NiceGUI versions before 2.9.1 have an authentication bypass vulnerability where logging in from one browser automatically authenticates all browsers, ...
Jan 6, 2025

This vulnerability allows attackers on the same network as a Wyze Cam v3 to execute arbitrary code without authentication by exploiting improper authe...
Nov 22, 2024

This vulnerability allows unauthenticated attackers to read device information from Zyxel P-6101C ADSL modems via crafted HTTP HEAD requests. It affec...
Nov 20, 2024

This CVE describes an improper authentication vulnerability in Adobe ColdFusion that allows attackers to bypass authentication mechanisms and escalate...
Sep 13, 2024

This authentication bypass vulnerability in Ivanti EPMM allows remote attackers to access sensitive resources without proper credentials. It affects I...
Aug 7, 2024

This vulnerability in Hush Line allows attackers to bypass two-factor authentication (2FA) when changing security settings. Attackers with CSRF or XSS...
Jun 27, 2024

An authentication bypass vulnerability in Rockwell Automation FactoryTalk View SE v12 allows remote users to access HMI projects without proper authen...
Jun 14, 2024

This vulnerability allows attackers to bypass authentication in the WordPress Admin and Site Enhancements (ASE) plugin, granting unauthorized access t...
Jun 4, 2024

CVE-2024-26331 is an authentication bypass vulnerability in ReCrystallize Server 5.10.0.0 where attackers can modify cookie values to gain unauthorize...
Apr 30, 2024

This CVE describes an improper authentication vulnerability in Elementor Website Builder that allows users with contributor-level access to read arbit...
Apr 24, 2024

This CVE describes an improper authentication vulnerability in the Iaware module on Huawei devices running HarmonyOS. Attackers could exploit this to ...
Apr 8, 2024

This vulnerability allows a read-only user to escalate privileges to read-write access through successive login attempts in FortiOS when configured wi...
Mar 12, 2024

This vulnerability in iNet wireless daemon (IWD) allows attackers to bypass Wi-Fi network authentication by exploiting a flaw in the EAPOL handshake. ...
Feb 22, 2024

This CVE describes an authentication bypass vulnerability in GitHub Enterprise Server's Private Mode. Attackers with network access can craft API requ...
Dec 21, 2023

This vulnerability allows attackers to spoof DPAPI (Data Protection API) calls on Windows systems, potentially enabling them to decrypt protected data...
Dec 12, 2023

This vulnerability allows attackers to bypass PKCE (Proof Key for Code Exchange) protection in authentik's OAuth2 flows. When an OAuth2 flow is initia...
Nov 21, 2023

CloudExplorer Lite versions before 1.4.1 contain an authentication bypass vulnerability in the gateway filter. Attackers can access protected API endp...
Oct 30, 2023

This vulnerability allows attackers to perform brute-force attacks against device authentication modules, potentially compromising service confidentia...
Oct 11, 2023

This vulnerability allows unauthenticated users to bypass authentication for the Bull dashboard job queue management interface in Misskey by editing U...
Oct 4, 2023

CVE-2023-43805 is an authentication bypass vulnerability in Nexkey (a Misskey fork) that allows attackers to access the job queue dashboard without pr...
Oct 4, 2023

This vulnerability allows remote attackers to bypass authentication and access sensitive information via the rootDesc.xml page of the UPnP service on ...
Sep 15, 2023

This CVE describes an improper authentication vulnerability in Proself products that allows remote unauthenticated attackers to bypass login controls ...
Aug 18, 2023

An authentication bypass vulnerability in Suprema BioStar 2 access control systems allows unauthenticated attackers to access certain server functiona...
Aug 3, 2023

This authentication bypass vulnerability in OpenThread border router implementations allows unauthenticated attackers to craft radio frames using Key ...
Jul 25, 2023

This vulnerability allows malicious apps to bypass identity verification during pre-authorization, potentially gaining unauthorized access to system r...
Jun 19, 2023

This vulnerability allows malicious applications to bypass proper identity verification during pre-authorization processes. Attackers can exploit this...
Jun 19, 2023

This vulnerability allows attackers to bypass authentication on D-Link DIR-890L routers running firmware version 1.10 A1. Attackers can gain unauthori...
May 1, 2023

This CVE describes an authentication misconfiguration vulnerability in Android's PasspointXmlUtils.java that could allow remote information disclosure...
Mar 24, 2023

This vulnerability in SolarWinds SAM occurs when polling via IP address forces NTLM authentication instead of the expected Kerberos, potentially expos...
Feb 15, 2023

CVE-2016-0796 affects WordPress mb.miniAudioPlayer plugin versions up to 1.7.6, allowing attackers to bypass security controls and download arbitrary ...
Jul 28, 2022

CVE-2022-31164 is an authentication bypass vulnerability in Tovy, a Roblox group staff management system. It allows any user to log in as other users,...
Jul 22, 2022

About Improper Authentication (CWE-287)
Our database tracks 774 CVEs classified as CWE-287, with 342 rated critical and 316 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.