CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
[Chart: Yearly Trend]
[Chart: Top Affected Vendors]
All Improper Authentication CVEs (783)
Jun 16, 2021: Multiple vulnerabilities in Cisco Small Business 220 Series Smart Switches web management interface allow attackers to hijack user sessions, execute a...
Apr 15, 2021: This CVE-2021-20288 vulnerability in Ceph allows attackers to reuse authentication keys by exploiting improper sanitization of other_keys during CEPHX...
Mar 22, 2021: This Broken Authentication vulnerability in Atlassian Jira allows remote attackers to bypass firewall protections for app-linked resources via the mak...
Dec 29, 2025: An improper authentication vulnerability in Gmission Web Fax allows attackers to bypass authentication mechanisms and escalate privileges. This affect...
Jun 6, 2025: This CVE describes an authentication bypass vulnerability in Huawei device management channels that could allow unauthorized access to management func...
Dec 13, 2024: This vulnerability in djoser authentication library allows attackers to bypass custom authentication mechanisms like 2FA, LDAP validation, or other co...
Feb 17, 2024: This vulnerability in IBM Storage Scale Container Native Storage Access allows a local attacker to initiate connections from a container outside its c...
Dec 5, 2023: CVE-2023-33070 is a vulnerability in Qualcomm Automotive OS where improper authentication to secure IO calls allows attackers to cause a transient den...
May 5, 2022: CVE-2021-44056 is an improper authentication vulnerability in QNAP Video Station that allows attackers to bypass authentication mechanisms. This affec...
Aug 12, 2021: This vulnerability in Microsoft Azure Active Directory Connect allows attackers to bypass authentication mechanisms, potentially gaining unauthorized ...
Jul 12, 2021: CVE-2021-26088 is an authentication bypass vulnerability in Fortinet's FSSO Collector that allows unauthenticated attackers to bypass firewall policie...
May 27, 2021: This vulnerability in Ansible Tower allows attackers to obtain non-expiring OAuth2 refresh tokens when requesting authentication tokens. Any user who ...
Dec 14, 2020: An unauthenticated remote attacker can exploit improper authentication in Gallagher Command Centre Server to create items with invalid configuration, ...
Feb 10, 2026: CVE-2026-21508 is an improper authentication vulnerability in Windows Storage that allows authenticated attackers to elevate privileges locally. This ...
Nov 23, 2023: This vulnerability allows attackers to obtain administrator session IDs from cron log backup files in Pandora FMS. By accessing these files, attackers...
May 12, 2022: This authentication bypass vulnerability in SysAid allows attackers to access the system without valid credentials by navigating through specific JSP ...
Mar 21, 2025: Parse Server versions before 7.5.2 and 8.0.2 have an authentication vulnerability where third-party authentication provider credentials can be reused ...
Dec 12, 2024: This vulnerability allows unauthorized users to ingest OpenTelemetry Logs data into OpenSearch Data Prepper when custom authentication plugins are imp...
Dec 15, 2025: CVE-2025-37731 is an improper authentication vulnerability in Elasticsearch's PKI realm that allows user impersonation via specially crafted client ce...
Sep 23, 2025: A cross-tenant authentication vulnerability in WSO2 products allows privileged users in one tenant to forge authentication cookies for users in other ...
Mar 12, 2025: This CVE describes an authentication bypass vulnerability in Schneider Electric EPAS-UI software where an attacker with physical access can reboot the...
Aug 15, 2024: This vulnerability allows attackers with physical access to GNCC's GC2 Indoor Security Camera 1080P to bypass authentication and gain privileged comma...
Nov 4, 2025: This vulnerability allows local privilege escalation on MediaTek devices due to an insecure default value in the preloader component. An attacker with...
Feb 11, 2025: This vulnerability allows attackers to bypass authentication on macOS systems running vulnerable FortiClient versions by using an empty password. It a...
Feb 3, 2025: This vulnerability in Xerox printers allows attackers with admin access to redirect LDAP authentication requests to malicious servers, potentially cap...
Mar 31, 2025: This vulnerability in the Drupal Admin LTE theme allows improper authentication due to CWE-287 (Improper Authentication). It affects all versions of t...
Jan 10, 2025: This vulnerability allows administrators to retrieve authentication tokens, potentially enabling privilege escalation or lateral movement. It affects ...
Feb 11, 2026: This vulnerability allows remote unauthenticated attackers to access administrative information-retrieval functions in ZBT WE2001 devices. Attackers c...
Jan 27, 2026: An improper authentication vulnerability in Delinea Secret Server On-Prem allows secrets with 'change password on check in' enabled to automatically c...
Jan 6, 2026: This vulnerability in Pterodactyl allows attackers to reuse intercepted TOTP 2FA tokens within their 60-second validity window. Users with 2FA enabled...
Jan 5, 2026: This vulnerability in MiniCMS allows attackers to bypass authentication and delete pages remotely without proper credentials. It affects MiniCMS versi...
Dec 30, 2025: A legacy API in Zeroheight SaaS allowed account creation without email verification. While unverified accounts couldn't access product features, this ...
Dec 19, 2025: An improper authentication vulnerability in Hikvision DVR/NVR devices allows attackers with physical access to the serial port to execute unauthorized...
Sep 11, 2025: Flask-AppBuilder versions before 4.8.1 have a vulnerability where the password reset endpoint remains accessible when using OAuth, LDAP, or other non-...
Jul 15, 2025: Directus versions 9.12.0 through 11.8.0 have an authentication bypass vulnerability in manual trigger Flows. Attackers can execute Flows without prope...
Jul 8, 2025: CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that allows unauthorized attackers to perform spoofing attacks over...
Jun 3, 2025: This vulnerability allows attackers to bypass Basic Authentication in Pekko Management when configured via Java DSL, potentially exposing management A...
Apr 15, 2025: CVE-2025-24949 is an authentication bypass vulnerability in JotUrl 2.0 that allows attackers to change passwords without meeting security requirements...
Jun 10, 2024: This vulnerability allows attackers to bypass two-factor authentication in LIVEBOX Collaboration vDesk by generating backup codes before TOTP verifica...
Jan 26, 2026: This vulnerability in Beetel 777VR1 routers allows attackers to bypass authentication via the UART interface, potentially gaining unauthorized access ...
Jun 13, 2025: This vulnerability allows attackers to bypass PKI authentication in SaltStack by presenting only a public certificate without the corresponding privat...
Feb 6, 2026: CVE-2026-2065 is an authentication bypass vulnerability in Flycatcher Toys smART Pixelator 2.0's Bluetooth Low Energy interface. Attackers on the loca...
Jan 11, 2026: CVE-2026-0842 is an authentication bypass vulnerability in Flycatcher Toys smART Sketcher's Bluetooth Low Energy interface. Attackers on the same loca...
Dec 28, 2025: This vulnerability allows remote attackers to bypass authentication in joey-zhou xiaozhi-esp32-server-java by manipulating cookies. The weakness in th...
Dec 19, 2025: CVE-2025-14908 is an authentication bypass vulnerability in JeecgBoot's multi-tenant management module that allows attackers to manipulate tenant ID p...
Sep 22, 2025: This vulnerability in huggingface LeRobot up to version 0.3.3 allows attackers on the local network to access ZeroMQ sockets without authentication. I...
Nov 14, 2024: This vulnerability in Apereo CAS 6.6 allows attackers to bypass two-factor authentication (2FA) on the /login?service endpoint, potentially leading to...
Jan 30, 2026: This CVE describes an authentication protocol downgrade vulnerability in Salt that allows malicious minions to bypass newer security features by using...
Sep 26, 2024: This vulnerability in Nix package manager allows man-in-the-middle attacks to intercept HTTPS connections without certificate validation, potentially ...
About Improper Authentication (CWE-287)
Our database tracks 783 CVEs classified as CWE-287, with 347 rated critical and 320 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.4.
External reference: CWE-287 on MITRE CWE.