CWE-287: Improper Authentication

This authentication bypass vulnerability allows attackers with valid credentials to circumvent multi-factor authentication under specific conditions, ...

This vulnerability in AxxonSoft Axxon One (C-Werk) allows authenticated remote attackers to bypass proper LDAP group membership evaluation during logi...

This vulnerability in Qualcomm UE (User Equipment) authentication processing allows improper authentication that could lead to information disclosure....

This vulnerability allows Active Directory users with expired or disabled accounts to bypass AD restrictions and regain access in Keycloak. It affects...

This vulnerability in Drupal's Login Disable module allows attackers to bypass authentication controls when the module is incorrectly configured. It a...

This vulnerability allows authenticated users in Devolutions Remote Desktop Manager to bypass multi-factor authentication (MFA) by switching data sour...

A vulnerability in matrix-rust-sdk's matrix-sdk-crypto crate allows a malicious homeserver to manipulate the UserIdentity::is_verified() method to inc...

This vulnerability in PocketBase allows account takeover when both OAuth2 and password authentication are enabled. A malicious user can register with ...

This vulnerability allows attackers to perform password brute-forcing attacks against Wispotter systems due to improper restriction of authentication ...

This vulnerability allows attackers to bypass intended access controls in the Product Delivery Date for WooCommerce Lite plugin. Attackers can perform...

This vulnerability allows remote attackers to bypass authentication in Shiguangwu sgwbox N3 NAS devices by manipulating the token argument in the POST...

This CVE describes an authentication bypass vulnerability in haxxorsid Stock-Management-System that allows unauthenticated remote attackers to access ...

This vulnerability allows remote attackers to access the ONVIF service on Apeman ID71 cameras without authentication. Attackers can potentially manipu...

This CVE describes an improper authentication vulnerability in roncoo-pay's /user/info/list endpoint, allowing remote attackers to bypass authenticati...

This CVE describes a PendingIntent hijacking vulnerability in Samsung's CertificatePolicy framework component that allows local attackers to bypass co...

This vulnerability allows unauthenticated attackers to calculate the root password of Tenda AC8 routers using a static algorithm based on the device's...

This vulnerability allows attackers to bypass authentication in My-Blog 1.0.0 by capturing and replaying authentication data. It affects all users run...

CVE-2025-8964 is an improper authentication vulnerability in code-projects Hostel Management System 1.0 that allows attackers to bypass login controls...

This vulnerability allows attackers to guess CAPTCHA codes in the pybbs admin login page, potentially enabling brute-force attacks against administrat...

This vulnerability allows remote attackers to bypass authentication on Lucky Technology LM-520 series devices. Affected systems include LM-520-SC, LM-...

CVE-2025-5872 is an authentication bypass vulnerability in eGauge EG3000 Energy Monitor's Setting Handler component. Attackers can remotely access set...

This critical vulnerability in Multilaser Sirius RE016 routers allows attackers to bypass authentication on the password change handler remotely. Atta...

This vulnerability allows unauthenticated remote attackers to reboot TOTOLINK A720R routers by accessing the /cgi-bin/cstecgi.cgi endpoint with a spec...

This CVE describes an authentication bypass vulnerability in Novel-Plus software that allows unauthenticated attackers to access session management fu...

This vulnerability allows remote attackers to bypass authentication on BEC Technologies routers without credentials. Attackers can access the web-base...

Spring Cloud Config Server may ignore client-provided Vault tokens via X-CONFIG-TOKEN header, causing it to persistently use the first token retrieved...

This vulnerability allows remote attackers to bypass authentication mechanisms in TinyWebServer by manipulating the m_url_real argument in http/http_c...

This critical vulnerability in IROAD Dash Cam X5 and X6 allows remote attackers to access video footage and live streams without authentication due to...

CVE-2025-2339 is an improper authentication vulnerability in otale Tale Blog 2.0.5 that allows remote attackers to bypass authentication mechanisms an...

This vulnerability allows a local attacker to perform a man-in-the-middle attack on Apache Cassandra's RMI registry, capturing JMX interface credentia...

CVE-2024-10620 is an improper authentication vulnerability in knightliao Disconf's Configuration Center API endpoint (/api/config/list) that allows re...

This vulnerability allows unauthorized access to Private Browsing tabs in Apple's Safari browser without proper authentication. It affects iOS and iPa...

This vulnerability allows unauthorized access to Private Browsing tabs in iOS/iPadOS without proper authentication. It affects users running vulnerabl...

This vulnerability in Samsung devices' Bluetooth Low Energy (BLE) stack allows nearby attackers to send malformed BLE packets that trigger abnormal be...

This vulnerability in Archer Platform 6 allows unauthenticated attackers to bypass IP whitelisting controls when the X-Forwarded-For header is enabled...

This vulnerability allows remote attackers to bypass two-factor authentication (2FA) in MyTaag software by deactivating the second factor via the /ses...

This vulnerability allows remote attackers to bypass two-factor authentication and deactivate it in MyTaag systems, enabling privilege escalation. It ...

A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.13.0 allows authenticated administrators to inject malicious JavaScript via the EI...

This vulnerability in KubeVirt allows an attacker who compromises a virt-handler instance to impersonate virt-api using shared credentials, enabling p...

This vulnerability in KubeVirt allows attackers to bypass RBAC controls by exploiting a flawed mTLS authentication implementation in the virt-api comp...

This vulnerability allows physical attackers to access the BIOS menu on affected Entrust hardware security modules (HSMs) because the BIOS lacks passw...

This vulnerability in Samsung Exynos baseband chips allows incorrect handling of unencrypted messages due to a 3GPP specification implementation error...

An authentication vulnerability in Apple's Mail application allows attackers with physical access to a device to potentially extract Mail account cred...

This vulnerability allows local attackers to bypass authentication in Chia Blockchain's RPC server master passphrase handler, potentially accessing pr...

sudo-rs versions 0.2.5 through 0.2.9 have an authentication bypass vulnerability when using targetpw or rootpw options. The bug incorrectly records th...

NVIDIA Delegated Licensing Service contains an improper authentication vulnerability (CWE-287) that could allow an attacker to bypass authentication m...

Dell OpenManage Network Integration versions before 3.9 have an improper authentication vulnerability that allows low-privileged remote attackers to a...

This vulnerability allows unauthenticated access to the RTSP live video stream endpoint in Ningyuanda TC155 version 57.0.2.0. Attackers on the same lo...

The Construction Light WordPress theme before version 1.6.8 lacks proper authorization and CSRF protection in an AJAX activation function. This allows...

CVAT versions 1.1.0 through 2.41.0 do not enforce email verification when using Basic HTTP Authentication, allowing attackers to create accounts with ...