CWE-287: Improper Authentication

This vulnerability allows remote attackers to bypass authentication on EFM ipTIME A8004T routers via improper authentication in the Hidden Hiddenlogin...

This vulnerability allows remote attackers to bypass authentication in CRMEB systems by manipulating the openId parameter in the appleLogin function. ...

This vulnerability allows attackers to bypass authentication in MiniCMS versions up to 1.8 by exploiting an unknown function in the article handler co...

This vulnerability allows remote attackers to bypass authentication in MiniCMS's trash file restore functionality, potentially enabling unauthorized a...

This vulnerability in MiniCMS allows attackers to bypass authentication mechanisms and potentially publish unauthorized pages. It affects MiniCMS vers...

This vulnerability allows remote attackers to bypass authentication in simstudioai sim by manipulating the INTERNAL_API_SECRET argument in the CRON Se...

This vulnerability in Alteryx Server allows attackers to bypass authentication via manipulation of the /gallery/api/status/ endpoint. Remote attackers...

This vulnerability allows attackers to bypass the pairing authentication mechanism in 70mai X200 dashcams, enabling unauthorized access to the device....

CVE-2025-11661 is an authentication bypass vulnerability in ProjectsAndPrograms School Management System that allows attackers to access functionality...

CVE-2025-11287 is an authentication bypass vulnerability in samanhappy MCPHub's SSE service that allows remote attackers to access protected functiona...

This CVE describes an authentication bypass vulnerability in WinterChenS my-site's backend interface. Attackers can manipulate URI parameters to acces...

This critical vulnerability in Kehua Charging Pile Cloud Platform 1.0 allows attackers to bypass authentication mechanisms via the /home endpoint. Rem...

CVE-2025-7897 is an authentication bypass vulnerability in harry0703 MoneyPrinterTurbo's API endpoint that allows attackers to bypass token verificati...

This critical vulnerability in Metasoft MetaCRM allows attackers to bypass authentication via the /debug.jsp endpoint, potentially gaining unauthorize...

This critical vulnerability in TOTOLINK T6 routers allows remote attackers to enable Telnet service without authentication by manipulating the telnet_...

This CVE describes an authentication bypass and information disclosure vulnerability in HPE AutoPass License Server (APLS) versions before 9.18. Attac...

This critical vulnerability in SimStudioAI allows unauthenticated remote attackers to bypass authentication and upload files via the session handler A...

CVE-2025-5985 is an improper authentication vulnerability in code-projects School Fees Payment System 1.0 that allows attackers to bypass authenticati...

CVE-2025-5906 is a critical authentication bypass vulnerability in code-projects Laundry System 1.0 that allows remote attackers to access sensitive d...

This critical vulnerability in shiyi-blog allows attackers to bypass authentication in the administrator backend by exploiting improper authentication...

A critical authentication bypass vulnerability in Novel-Plus allows remote attackers to access the code generation function without authentication. Th...

CVE-2025-2388 is a critical authentication bypass vulnerability in Keytop's roadside parking fee collection system version 2.7.1. Attackers can remote...

This critical vulnerability in D-Link DHP-W310AV powerline adapters allows remote attackers to bypass authentication by spoofing. Attackers can gain u...

This vulnerability allows attackers to bypass authentication in didi DDMQ 1.0's Console Module by manipulating the /;login endpoint. Remote attackers ...

This vulnerability allows remote attackers to execute arbitrary code on affected TheGreenBow VPN clients by sending malformed ECDSA signatures during ...

CVE-2022-4001 is an authentication bypass vulnerability in Motorola Q14 Mesh Router API that allows attackers to access protected API functions withou...

This vulnerability allows attackers to bypass two-factor authentication (2FA) in Nextcloud Server after successfully obtaining valid user credentials....

CVE-2024-37408 is an authentication bypass vulnerability in fprintd fingerprint authentication software. When configured with 'auth sufficient pam_fpr...

This critical vulnerability in Clash for Windows allows remote attackers to bypass authentication on the proxy port component. Attackers can potential...

This vulnerability allows unauthenticated attackers to access REST API endpoints in Polarion ALM's doorsconnector component, potentially enabling remo...

This critical vulnerability in Shanxi Diankeyun Technology NODERP allows attackers to bypass authentication by manipulating cookie parameters (Nod_Use...

This critical vulnerability in OneNav allows attackers to bypass authentication via manipulation of the X-Token parameter in the API endpoint. It enab...

This critical vulnerability in ColumbiaSoft Document Locator allows attackers to bypass authentication via manipulation of the Server parameter in the...

CVE-2023-4415 is an authentication bypass vulnerability in Ruijie RG-EW1200G wireless access points that allows attackers to gain unauthorized access ...

This critical vulnerability in SourceCodester Employee Task Management System 1.0 allows attackers to bypass authentication mechanisms via the changeP...

This vulnerability allows attackers to bypass authentication in Itech Job Portal Script 9.13 by exploiting an unknown flaw in the /admin directory. At...

This vulnerability allows attackers to bypass password confirmation in Samsung's AppLock feature by exploiting implicit intent hijacking. It affects S...

CVE-2022-1248 is a critical authentication bypass vulnerability in SAP Information System 1.0 that allows unauthenticated attackers to create new admi...

CVE-2022-1084 is an authentication bypass vulnerability in SourceCodester One Church Management System 1.0 that allows attackers to bypass authenticat...

Mesa Labs AmegaView versions 3.0 and prior use a weak passcode generation algorithm that can be easily reversed, allowing attackers to calculate valid...

This vulnerability in GitLab Pages allows attackers to steal API tokens through insufficient authentication parameter validation. Attackers can craft ...

A vulnerability in Radiometer medical device software allows remote code execution and unauthorized device management when specific internal condition...

The WooCommerce Order Proposal plugin for WordPress has a privilege escalation vulnerability that allows authenticated attackers with Shop Manager acc...

This vulnerability in pfSense CE 2.6.0 allows attackers to change any user's password without authentication or verification. This affects all pfSense...

CVE-2023-27091 is an improper authentication vulnerability in TeaCMS 2.3.3 that allows attackers to bypass authorization controls via the id and keywo...

SOOTEWAY Wi-Fi Range Extender v1.5 uses default admin credentials for its TELNET service, allowing attackers to remotely access and modify the device ...

This vulnerability in Intel In-Band Manageability software allows a privileged user to bypass authentication mechanisms via network access, potentiall...

This vulnerability in Samba's Active Directory Domain Controller allows attackers to bypass Kerberos authentication by exploiting confusion about user...

This vulnerability allows deleted administrator accounts to still authenticate and access the October CMS backend. It affects October CMS v2.0 install...

This CVE describes multiple vulnerabilities in Cisco Small Business 220 Series Smart Switches web management interface that could allow attackers to h...