CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (738)
The RingCentral Communications plugin for WordPress versions 1.5 to 1.6.8 contains an authentication bypass vulnerability in the ringcentral_admin_log...
Aug 28, 2025

MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability that allows attackers to access APIs without any authentication token. This affects ...
Aug 22, 2025

CVE-2024-50644 is an authentication bypass vulnerability in zhisheng17 blog version 3.0.1-SNAPSHOT that allows attackers to access APIs without valid ...
Aug 22, 2025

This vulnerability allows remote attackers to execute arbitrary code on systems running Roadcute API v.1 by exploiting a password reset endpoint that ...
Aug 21, 2025

This vulnerability allows attackers to bypass authentication on Chavara Matrimony Site v2.0 by exploiting a flaw in the OTP mechanism. Attackers can g...
Jul 25, 2025

This vulnerability allows attackers to reroute authentication requests from Secrets Manager to malicious servers when network devices are misconfigure...
Jul 15, 2025

This authentication bypass vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware allows attackers to remotely enable Telnet service without ...
Jul 15, 2025

COROS PACE 3 smartwatches through firmware version 3.0808.0 incorrectly identify themselves as devices without input/output capabilities, forcing Blue...
Jun 20, 2025

This CVE describes a permission vulnerability in the BoomPlayer mobile application that allows unauthorized operations. Attackers could potentially by...
Jun 16, 2025

CVE-2025-49001 is a critical authentication bypass vulnerability in DataEase where JWT token secret verification fails, allowing attackers to forge va...
Jun 3, 2025

This vulnerability in Ocuco Innovation's INNOVASERVICEINTF.EXE allows attackers to bypass authentication and gain Administrator privileges by sending ...
May 22, 2025

This vulnerability in Ocuco Innovation's INVCLIENT.EXE allows attackers to bypass authentication and gain Administrator privileges by sending a specia...
May 22, 2025

This vulnerability allows remote attackers to bypass administrator login authentication on D-Link DI-8100 routers. Attackers can gain administrative a...
May 21, 2025

This vulnerability allows remote attackers to bypass authentication on Netgear DGND3700 routers via manipulation of the /BRS_top.html file. Attackers ...
May 20, 2025

The Jenkins WSO2 Oauth Plugin 1.0 and earlier contains an authentication bypass vulnerability where the plugin accepts authentication claims without v...
May 14, 2025

This vulnerability allows attackers to bypass PKCE (Proof Key for Code Exchange) protection in the workers-oauth-provider component of Cloudflare's MC...
May 1, 2025

This vulnerability allows password autofill to incorrectly populate passwords even after authentication fails, potentially exposing credentials. It af...
Mar 31, 2025

CVE-2024-13804 is an unauthenticated remote code execution vulnerability in HPE Insight Cluster Management Utility. Attackers can execute arbitrary co...
Mar 30, 2025

This vulnerability allows attackers with network access to intercept traffic and steal user session cookies, enabling session hijacking. Attackers can...
Mar 28, 2025

This vulnerability allows unauthenticated attackers to reset any user's password without verifying the old password, including admin accounts. It affe...
Mar 27, 2025

This vulnerability allows attackers to bypass authentication in DataEase, potentially gaining unauthorized access to sensitive business intelligence d...
Mar 13, 2025

This vulnerability affects SINAMICS S200 industrial drives with specific serial numbers, allowing attackers to exploit an unlocked bootloader to injec...
Mar 11, 2025

The WPCOM Member WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, inc...
Mar 7, 2025

This vulnerability allows attackers to bypass OAuth authentication in Vasion Print (formerly PrinterLogic) systems, potentially gaining unauthorized a...
Mar 5, 2025

This critical vulnerability in D-Link DIR-859 routers allows attackers to bypass authentication by forging POST requests to the /getcfg.php page, pote...
Feb 18, 2025

This vulnerability allows attackers to bypass authentication on TP-Link Archer C20 routers by adding a specific Referer header to requests targeting i...
Feb 18, 2025

This critical authentication bypass vulnerability allows remote attackers to completely bypass authentication on Logsign Unified SecOps Platform insta...
Feb 11, 2025

A critical authentication bypass vulnerability in compop.ca ONLINE MALL v3.5.3 allows remote attackers to execute arbitrary code by manipulating rid, ...
Feb 4, 2025

This vulnerability involves insecure default credentials for the Telnet function in Zyxel VMG4325-B10A DSL CPE devices. Attackers can log into the man...
Feb 4, 2025

CVE-2025-0637 is an improper authentication vulnerability in Beta10 software that allows unauthenticated attackers to access restricted areas and perf...
Jan 23, 2025

This vulnerability allows unauthenticated attackers to bypass authentication in the Paid Membership Subscriptions WordPress plugin by using a known pa...
Jan 14, 2025

This vulnerability allows unauthenticated attackers to create administrative user accounts on WordPress sites using the PayU CommercePro Plugin. All W...
Jan 7, 2025

The Biagiotti Membership plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, ...
Dec 18, 2024

The Sign In With Google WordPress plugin up to version 1.8.0 contains an authentication bypass vulnerability due to insufficient null value checks in ...
Dec 12, 2024

Cobbler versions 3.0.0 through 3.2.2 and 3.3.0 through 3.3.6 have an authentication bypass vulnerability where the get_shared_secret() function always...
Nov 18, 2024

WhatsUp Gold versions before 2024.0.0 contain an authentication bypass vulnerability that allows attackers to obtain encrypted user credentials withou...
Oct 24, 2024

This CVE describes an authentication bypass vulnerability in Apache Solr's PKIAuthenticationPlugin. Attackers can bypass authentication by appending a...
Oct 16, 2024

The Ultimate Membership Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, i...
Oct 16, 2024

CVE-2024-45115 is an improper authentication vulnerability in Adobe Commerce that allows attackers to bypass authentication mechanisms and gain elevat...
Oct 10, 2024

This vulnerability allows attackers to bypass the weak 4-digit PIN protection on SENTRON 7KM PAC3200 devices via Modbus TCP interface. Attackers can b...
Oct 8, 2024

CVE-2024-47218 is an authentication bypass vulnerability in vesoft NebulaGraph that allows attackers to access the system without valid credentials. T...
Sep 22, 2024

CVE-2024-34399 is a critical authentication bypass vulnerability in BMC Remedy Mid Tier 7.6.04 that allows unauthenticated remote attackers to access ...
Sep 18, 2024

Loftware Spectrum versions before 4.6 HF14 have a critical authentication bypass vulnerability that allows unauthenticated attackers to execute privil...
Sep 10, 2024

An authentication bypass vulnerability in Foreman with External Authentication allows attackers to gain administrative access by exploiting Apache mod...
Sep 4, 2024

An authentication bypass vulnerability in Flowise version 1.8.2 allows remote unauthenticated attackers to access administrator API endpoints and rest...
Aug 27, 2024

This vulnerability allows remote unauthenticated attackers to bypass authentication on Ivanti vTM admin panels. Attackers can gain administrative acce...
Aug 13, 2024

This vulnerability allows an unauthorized attacker on the same network to bypass authentication in Ivanti EPMM's web component and execute arbitrary c...
Aug 7, 2024

CVE-2024-22442 is an authentication bypass vulnerability in HPE products that allows remote attackers to gain unauthorized access without valid creden...
Jul 16, 2024

The InstaWP Connect WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, ...
Jul 11, 2024

This vulnerability allows attackers who have already compromised access to a Devolutions Remote Desktop Manager instance to bypass the vault master pa...
Jun 17, 2024

About Improper Authentication (CWE-287)
Our database tracks 738 CVEs classified as CWE-287, with 324 rated critical and 298 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.