CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (828)
sudo-rs versions 0.2.5 through 0.2.9 have an authentication bypass vulnerability when using targetpw or rootpw options. The bug incorrectly records th...
Nov 12, 2025
NVIDIA Delegated Licensing Service contains an improper authentication vulnerability (CWE-287) that could allow an attacker to bypass authentication m...
Feb 24, 2026
Dell OpenManage Network Integration versions before 3.9 have an improper authentication vulnerability that allows low-privileged remote attackers to a...
Jan 29, 2026
This vulnerability allows unauthenticated access to the RTSP live video stream endpoint in Ningyuanda TC155 version 57.0.2.0. Attackers on the same lo...
Dec 16, 2025
The Construction Light WordPress theme before version 1.6.8 lacks proper authorization and CSRF protection in an AJAX activation function. This allows...
Dec 12, 2025
CVAT versions 1.1.0 through 2.41.0 do not enforce email verification when using Basic HTTP Authentication, allowing attackers to create accounts with ...
Jul 30, 2025
This vulnerability allows unauthenticated access to live video streams from 70mai M300 dash cameras. Attackers on the same local network can view real...
Jun 23, 2025
A syntax error in ExtremeCloud Universal ZTNA's 'searchKeyword' condition allows users to bypass the owner_id filter, potentially enabling them to sea...
Jun 13, 2025
A Moodle vulnerability allows some users to access sensitive student information before identity verification via 2FA is completed. This affects Moodl...
Apr 25, 2025
This vulnerability in Firefox for iOS allows QR codes containing website URLs to open those URLs automatically without user confirmation. It affects F...
Mar 4, 2025
This CVE describes an instruction authentication bypass vulnerability in Huawei's Findnetwork module that allows attackers to bypass authentication me...
Jan 8, 2025
CVE-2023-45038 is an improper authentication vulnerability in QNAP Music Station that could allow attackers to bypass authentication mechanisms. This ...
Sep 6, 2024
This CVE describes an improper authentication vulnerability in the Play.Ht WordPress plugin that allows attackers to bypass access controls and access...
Jun 24, 2024
This vulnerability allows physical attackers to bypass authentication and access Samsung Secure Folder in specific scenarios. It affects Samsung devic...
May 7, 2024
Mattermost mobile apps up to version 2.16.0 fail to properly validate push notification origins, allowing malicious servers to impersonate legitimate ...
Jul 15, 2024
This vulnerability in Samsung's SemClipboard service allows attackers to bypass access controls and read arbitrary files with system-level permissions...
Sep 3, 2025
This CVE describes an authentication bypass vulnerability in DJI drone models (Mavic Mini, Air, Spark, Mini SE) through capture-replay attacks on the ...
Feb 2, 2026
Curl incorrectly uses SSH agent authentication for SCP/SFTP transfers even when explicitly configured for public key authentication. This allows attac...
Jan 8, 2026
This vulnerability in Nextcloud Approval app allows authenticated users listed as requesters in workflows to mark other users' files as 'pending appro...
Dec 5, 2025
Orthanc versions before 1.12.10 have an authorization logic flaw in HTTP Basic Authentication that allows privilege escalation. Attackers can exploit ...
Feb 18, 2026
This authentication bypass vulnerability in VIGI camera models allows attackers on the same local network to reset the admin password without verifica...
Jan 16, 2026
CVE-2025-67859 is an improper authentication vulnerability in TLP (a power management tool for Linux) that allows local users to bypass polkit authent...
Jan 14, 2026
This vulnerability in wolfssl-py allows attackers to bypass mutual TLS (mTLS) client authentication by omitting client certificates during TLS handsha...
Jan 8, 2026
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allows unauthenticated users to interact with restricted chat agents. T...
Dec 18, 2025
This CVE describes an improper authentication vulnerability in the TYPO3 extension 'Modules' (codingms/modules). It allows attackers to bypass authent...
Nov 12, 2025
An authentication bypass vulnerability in Milvus Proxy allows unauthenticated attackers to gain full administrative access to Milvus clusters. This en...
Nov 10, 2025
An incorrect authentication vulnerability in OpenSIAC could allow attackers to impersonate legitimate users who authenticate via Spain's Cl@ve system....
Oct 2, 2025
This CVE describes an authentication bypass vulnerability in Fedify, a TypeScript library for ActivityPub federated servers. It allows unauthenticated...
Aug 9, 2025
About Improper Authentication (CWE-287)
Our database tracks 828 CVEs classified as CWE-287, with 373 rated critical and 338 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.4.