CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (782)
This vulnerability allows malicious apps to bypass identity verification during pre-authorization, potentially gaining unauthorized access to system r... (Jun 19, 2023)
This vulnerability allows malicious applications to bypass proper identity verification during pre-authorization processes. Attackers can exploit this... (Jun 19, 2023)
This vulnerability allows attackers to bypass authentication on D-Link DIR-890L routers running firmware version 1.10 A1. Attackers can gain unauthori... (May 1, 2023)
This CVE describes an authentication misconfiguration vulnerability in Android's PasspointXmlUtils.java that could allow remote information disclosure... (Mar 24, 2023)
This vulnerability in SolarWinds SAM occurs when polling via IP address forces NTLM authentication instead of the expected Kerberos, potentially expos... (Feb 15, 2023)
CVE-2016-0796 affects WordPress mb.miniAudioPlayer plugin versions up to 1.7.6, allowing attackers to bypass security controls and download arbitrary ... (Jul 28, 2022)
CVE-2022-31164 is an authentication bypass vulnerability in Tovy, a Roblox group staff management system. It allows any user to log in as other users,... (Jul 22, 2022)
CVE-2022-32276 allows unauthenticated access to Grafana dashboard snapshots via specific URLs, bypassing authentication requirements. This affects Gra... (Jun 17, 2022)
This vulnerability allows attackers to bypass WPA2 encryption on D-Link DIR-850L routers by exploiting an incomplete WPA handshake. Attackers can send... (Jun 16, 2022)
CVE-2022-29865 is an authentication bypass vulnerability in the OPC UA .NET Standard Stack that allows remote attackers to bypass application authenti... (Jun 16, 2022)
Barco Control Room Management Suite web application exposes log files without requiring authentication. This allows attackers to read sensitive system... (Jun 2, 2022)
This vulnerability allows attackers to bypass authentication in Parse Server's Apple Game Center adapter by exploiting improper URL validation of Appl... (May 4, 2022)
This vulnerability allows attackers to bypass password confirmation requirements in MISP by sending requests with an 'Accept: application/json' header... (Apr 20, 2022)
CVE-2021-46740 is an authentication bypass vulnerability in Huawei/HarmonyOS device authentication service modules. It allows attackers to bypass auth... (Apr 11, 2022)
This vulnerability in iptime NAS2dual devices allows remote attackers to bypass authentication mechanisms and access shared folders or change user pas... (Mar 25, 2022)
CVE-2022-23317 is an improper authentication vulnerability in Cobalt Strike's HTTP(S) listener that allows attackers to bypass authentication by sendi... (Feb 15, 2022)
XMPie uStore 12.3.7244.0 contains a vulnerability where administrators can execute raw SQL queries through report generation functionality. Since the ... (Feb 7, 2022)
This vulnerability allows attackers with revoked administrator accounts to modify project Users & Roles settings in Atlassian Jira Server and Data Cen... (Dec 8, 2021)
CVE-2021-37043 is a stack-based buffer overflow vulnerability in Huawei smartphones running HarmonyOS. Successful exploitation could allow malicious a... (Dec 7, 2021)
This vulnerability in JetBrains Ktor allows improper nonce verification during OAuth2 authentication, potentially enabling attackers to bypass authent... (Nov 9, 2021)
FreeSWITCH versions before 1.10.7 do not authenticate SIP MESSAGE requests by default, allowing attackers to send spoofed chat messages to registered ... (Oct 25, 2021)
This vulnerability allows improper authentication of EAP WAPI EAPOL frames from unauthenticated users, potentially leading to information disclosure. ... (Oct 20, 2021)
This vulnerability in Jitsi Meet allows attackers to forge JSON Web Tokens using symmetric algorithms to gain unauthorized access to protected video c... (Sep 15, 2021)
This vulnerability in Midnight Commander's SFTP implementation fails to verify server fingerprints during connection establishment. This allows man-in... (Aug 30, 2021)
CVE-2021-22025 is a broken access control vulnerability in VMware vRealize Operations Manager API that allows unauthenticated attackers to add new nod... (Aug 30, 2021)
This vulnerability allows attackers to bypass authentication on Siemens SIMATIC S7-1200 PLCs when provisioned with TIA Portal V13, enabling unauthoriz... (Aug 10, 2021)
This vulnerability allows unauthenticated attackers to change passwords on Crestron DM-NVX devices via WebSocket requests. It affects Crestron DM-NVX-... (Jul 30, 2021)
CVE-2021-34675 is an authentication bypass vulnerability in Basix NEX-Forms WordPress plugin that allows unauthenticated attackers to access stored PD... (Jul 19, 2021)
CVE-2020-22176 allows remote unauthenticated attackers to access sensitive user information in PHPGurukul Hospital Management System v4.0. This affect... (Jun 22, 2021)
This vulnerability allows attackers with valid external authentication (SSO or OpenID) to impersonate existing local users in Red Hat Satellite, gaini... (Jun 2, 2021)
This vulnerability allows unauthorized actors to access sensitive information through the web interfaces of affected Buffalo routers. It affects users... (Apr 29, 2021)
This vulnerability allows remote unauthenticated attackers to bypass authentication in Mitsubishi Electric GOT2000 and GOT SIMPLE series HMI VNC serve... (Apr 22, 2021)
The ABUS Secvest wireless alarm system FUAA50000 fails to properly authenticate requests to its HTTPS interface, allowing attackers to obtain sensitiv... (Apr 21, 2021)
CVE-2021-27990 is an authentication bypass vulnerability in Appspace 6.2.4 that allows attackers to directly access sensitive pages like /medianet/mai... (Apr 14, 2021)
CVE-2021-22496 is an authentication bypass vulnerability in Micro Focus Access Manager that allows attackers to bypass authentication mechanisms and p... (Mar 25, 2021)
HashiCorp Vault Enterprise versions 1.6.0 and 1.6.1 allow unauthenticated execution of the 'remove-peer' raft operator command on DR (Disaster Recover... (Feb 1, 2021)
CVE-2020-28874 is an authentication bypass vulnerability in ProjectSend's password reset functionality. Attackers can reset any user's password withou... (Jan 26, 2021)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Aruba AirWave Glass versions before 1.3.3. Attackers can exploit an unauthent... (Jan 15, 2021)
This vulnerability allows attackers to bypass authentication in NEC UNIVERGE SV9500 and SV8500 PBX systems by sending specially crafted requests to a ... (Jan 13, 2021)
The iThemes Security plugin for WordPress before version 7.7.0 fails to enforce password changes immediately when required, allowing users to continue... (Jan 6, 2021)
This vulnerability allows attackers to bypass authentication and access sensitive log and backup data on Emerson Rosemount X-STREAM gas analyzers. By ... (Dec 21, 2020)
CVE-2020-27199 allows attackers to bypass authentication in the Magic Home Pro Android app by forging user tokens without valid credentials. This affe... (Dec 17, 2020)
This vulnerability in Android's certificate installer allows improperly installed certificates due to a logic error, potentially enabling remote infor... (Dec 14, 2020)
CVE-2020-27408 allows unauthenticated attackers to reset passwords for any user in OpenSIS Community Edition. This affects all OpenSIS Community Editi... (Dec 4, 2020)
CVE-2021-29487 is an authentication bypass vulnerability in October CMS that allows unauthenticated attackers to take over user accounts. Attackers ne... (Aug 26, 2021)
This CVE describes an authentication bypass vulnerability in DataLinkDC Dinky's OpenAPI endpoint. Attackers can remotely exploit this to access admini... (Feb 24, 2026)
CVE-2025-10463 is an improper authentication vulnerability in Birtech Senseway that allows attackers to bypass authentication mechanisms and gain unau... (Feb 9, 2026)
CVE-2026-2174 is an authentication bypass vulnerability in code-projects Contact Management System 1.0 that allows attackers to manipulate CRUD endpoi... (Feb 8, 2026)
CVE-2026-2165 is an authentication bypass vulnerability in detronetdip E-commerce 1.0.0 that allows unauthenticated attackers to create admin accounts... (Feb 8, 2026)
This vulnerability allows remote attackers to bypass authentication on EFM ipTIME A8004T routers via improper authentication in the Hidden Hiddenlogin... (Feb 2, 2026)
About Improper Authentication (CWE-287)
Our database tracks 782 CVEs classified as CWE-287, with 346 rated critical and 320 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.4.
External reference: View CWE-287 on MITRE CWE →