CWE-287: Improper Authentication

CVE-2026-0842 is an authentication bypass vulnerability in Flycatcher Toys smART Sketcher's Bluetooth Low Energy interface. Attackers on the same loca...

This vulnerability allows remote attackers to bypass authentication in joey-zhou xiaozhi-esp32-server-java by manipulating cookies. The weakness in th...

CVE-2025-14908 is an authentication bypass vulnerability in JeecgBoot's multi-tenant management module that allows attackers to manipulate tenant ID p...

This vulnerability in huggingface LeRobot up to version 0.3.3 allows attackers on the local network to access ZeroMQ sockets without authentication. I...

This vulnerability in Apereo CAS 6.6 allows attackers to bypass two-factor authentication (2FA) on the /login?service endpoint, potentially leading to...

This CVE describes an authentication protocol downgrade vulnerability in Salt that allows malicious minions to bypass newer security features by using...

This vulnerability in Nix package manager allows man-in-the-middle attacks to intercept HTTPS connections without certificate validation, potentially ...

This vulnerability allows attackers to bypass app-native authentication in WSO2 Identity Server 7.0.0 by passing invalid objects. Organizations using ...

CVE-2025-56578 is an authentication bypass vulnerability in RTSPtoWeb v2.4.3 that allows remote attackers to access sensitive information and execute ...

This vulnerability allows physically proximate attackers to bypass the screen lock mechanism in Trust Wallet v8.45 and view wallet balances without au...

This vulnerability allows remote attackers to bypass authentication in Chia Blockchain's RPC interface by manipulating the _authenticate function. It ...

This vulnerability allows attackers to bypass authentication in CRMEB systems by manipulating the uid parameter in the remoteRegister function. It aff...

This vulnerability allows attackers to bypass authentication in novel-plus by replaying CAPTCHA tokens, potentially gaining unauthorized access to adm...

This CVE describes an improper authentication vulnerability in WCMS that allows attackers to bypass authentication mechanisms by manipulating the uid ...

An unauthenticated database manipulation vulnerability in WhatsUp Gold allows attackers to modify the WrlsMacAddressGroup table without credentials. T...

An authorization vulnerability in iOS and iPadOS allows attackers with physical access to a locked device to view sensitive user information. This aff...

This vulnerability in Paperless-ngx allows remote authenticated users to access the API even when API access has been explicitly disabled in the confi...

This vulnerability in django-allauth allows attackers to potentially impersonate users when using Okta or NetIQ third-party authentication. The issue ...

This authentication bypass vulnerability allows attackers with valid credentials to circumvent multi-factor authentication under specific conditions, ...

This vulnerability in AxxonSoft Axxon One (C-Werk) allows authenticated remote attackers to bypass proper LDAP group membership evaluation during logi...

This vulnerability in Qualcomm UE (User Equipment) authentication processing allows improper authentication that could lead to information disclosure....

This vulnerability allows Active Directory users with expired or disabled accounts to bypass AD restrictions and regain access in Keycloak. It affects...

This vulnerability in Drupal's Login Disable module allows attackers to bypass authentication controls when the module is incorrectly configured. It a...

This vulnerability allows authenticated users in Devolutions Remote Desktop Manager to bypass multi-factor authentication (MFA) by switching data sour...

A vulnerability in matrix-rust-sdk's matrix-sdk-crypto crate allows a malicious homeserver to manipulate the UserIdentity::is_verified() method to inc...

This vulnerability in PocketBase allows account takeover when both OAuth2 and password authentication are enabled. A malicious user can register with ...

This vulnerability allows attackers to perform password brute-forcing attacks against Wispotter systems due to improper restriction of authentication ...

This vulnerability allows attackers to bypass intended access controls in the Product Delivery Date for WooCommerce Lite plugin. Attackers can perform...

This vulnerability allows remote attackers to bypass authentication in Shiguangwu sgwbox N3 NAS devices by manipulating the token argument in the POST...

This CVE describes an authentication bypass vulnerability in haxxorsid Stock-Management-System that allows unauthenticated remote attackers to access ...

This vulnerability allows remote attackers to access the ONVIF service on Apeman ID71 cameras without authentication. Attackers can potentially manipu...

This CVE describes an improper authentication vulnerability in roncoo-pay's /user/info/list endpoint, allowing remote attackers to bypass authenticati...

This CVE describes a PendingIntent hijacking vulnerability in Samsung's CertificatePolicy framework component that allows local attackers to bypass co...

This vulnerability allows unauthenticated attackers to calculate the root password of Tenda AC8 routers using a static algorithm based on the device's...

This vulnerability allows attackers to bypass authentication in My-Blog 1.0.0 by capturing and replaying authentication data. It affects all users run...

CVE-2025-8964 is an improper authentication vulnerability in code-projects Hostel Management System 1.0 that allows attackers to bypass login controls...

This vulnerability allows attackers to guess CAPTCHA codes in the pybbs admin login page, potentially enabling brute-force attacks against administrat...

This vulnerability allows remote attackers to bypass authentication on Lucky Technology LM-520 series devices. Affected systems include LM-520-SC, LM-...

CVE-2025-5872 is an authentication bypass vulnerability in eGauge EG3000 Energy Monitor's Setting Handler component. Attackers can remotely access set...

This critical vulnerability in Multilaser Sirius RE016 routers allows attackers to bypass authentication on the password change handler remotely. Atta...

This vulnerability allows unauthenticated remote attackers to reboot TOTOLINK A720R routers by accessing the /cgi-bin/cstecgi.cgi endpoint with a spec...

This CVE describes an authentication bypass vulnerability in Novel-Plus software that allows unauthenticated attackers to access session management fu...

This vulnerability allows remote attackers to bypass authentication on BEC Technologies routers without credentials. Attackers can access the web-base...

Spring Cloud Config Server may ignore client-provided Vault tokens via X-CONFIG-TOKEN header, causing it to persistently use the first token retrieved...

This vulnerability allows remote attackers to bypass authentication mechanisms in TinyWebServer by manipulating the m_url_real argument in http/http_c...

This critical vulnerability in IROAD Dash Cam X5 and X6 allows remote attackers to access video footage and live streams without authentication due to...

CVE-2025-2339 is an improper authentication vulnerability in otale Tale Blog 2.0.5 that allows remote attackers to bypass authentication mechanisms an...

This vulnerability allows a local attacker to perform a man-in-the-middle attack on Apache Cassandra's RMI registry, capturing JMX interface credentia...

CVE-2024-10620 is an improper authentication vulnerability in knightliao Disconf's Configuration Center API endpoint (/api/config/list) that allows re...

This vulnerability allows unauthorized access to Private Browsing tabs in Apple's Safari browser without proper authentication. It affects iOS and iPa...