CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (745)
CVE-2024-3080 is an authentication bypass vulnerability affecting certain ASUS router models that allows unauthenticated remote attackers to gain admi...
Jun 14, 2024

CVE-2024-22441 is an authentication bypass vulnerability in HPE Cray Parallel Application Launch Service (PALS) that allows unauthenticated attackers ...
Jun 13, 2024

This CVE describes an improper authentication vulnerability in Apache Submarine Commons Utils where a default hardcoded secret is used if users don't ...
Jun 12, 2024

This vulnerability in Northern.tech Mender Enterprise allows attackers to bypass SAML authentication and take over user accounts. It affects organizat...
Jun 3, 2024

CVE-2024-29849 is an authentication bypass vulnerability in Veeam Backup Enterprise Manager that allows unauthenticated attackers to log into the web ...
May 22, 2024

CVE-2024-3263 allows attackers to easily guess and brute-force passwords in YMS VIS Pro veterinary information systems due to weak credential generati...
May 14, 2024

This vulnerability allows remote attackers to bypass authentication on NETGEAR ProSAFE Network Management System installations without requiring any c...
May 3, 2024

This vulnerability allows unauthenticated attackers to bypass authentication mechanisms in the Build App Online WordPress plugin, enabling account tak...
Apr 25, 2024

This vulnerability allows unauthenticated attackers to bypass authentication mechanisms in the Checkout Mestres WP WordPress plugin, enabling them to ...
Apr 24, 2024

This CVE describes an improper authentication vulnerability in multiple NEC Aterm router models that allows remote attackers to execute arbitrary comm...
Mar 28, 2024

This CVE describes an improper authentication vulnerability in multiple NEC Aterm router models that allows unauthenticated remote attackers to execut...
Mar 28, 2024

This vulnerability allows unauthenticated attackers to access TeslaMate's Grafana dashboard on port 3000 after discovering the instance on port 4000. ...
Mar 27, 2024

CVE-2024-1147 is an authentication bypass vulnerability in OpenText PVCS Version Manager that allows attackers to download files without proper authen...
Mar 21, 2024

CVE-2024-28255 is an authentication bypass vulnerability in OpenMetadata's JWT filter that allows attackers to access protected endpoints without vali...
Mar 15, 2024

This authentication bypass vulnerability in Arcserve Unified Data Protection allows attackers to gain unauthorized access without valid credentials by...
Mar 13, 2024

This vulnerability allows remote attackers to bypass authentication and escalate privileges in Newland Nquire 1000 Interactive Kiosk web management po...
Mar 9, 2024

CVE-2024-21899 is an improper authentication vulnerability in QNAP operating systems that allows attackers to bypass authentication mechanisms an...
Mar 8, 2024

This CVE describes an authentication bypass vulnerability in Adobe FrameMaker Publishing Server that allows attackers to gain unauthorized access with...
Feb 15, 2024

CVE-2024-21410 is a critical elevation of privilege vulnerability in Microsoft Exchange Server that allows attackers to gain unauthorized administrati...
Feb 13, 2024

An improper authentication vulnerability in SonicWall SonicOS SSL-VPN allows remote attackers to bypass authentication under specific conditions. This...
Feb 8, 2024

CVE-2023-51982 is an authentication bypass vulnerability in CrateDB's Admin UI component. Attackers can bypass password authentication by setting the ...
Jan 30, 2024

This CVE describes an NGINX authentication bypass vulnerability in GL.iNet router firmware that allows unauthenticated attackers to execute arbitrary ...
Jan 12, 2024

CVE-2022-34267 is an authentication bypass vulnerability in RWS WorldServer that allows unauthenticated attackers to upload and execute arbitrary Java...
Dec 25, 2023

This vulnerability allows attackers to bypass authentication controls in Jamf Pro Server, potentially gaining unauthorized access to administrative fu...
Dec 25, 2023

This vulnerability allows remote blocked users to bypass authentication in ProLion CryptoSpike when using LDAP/Active Directory. Attackers can obtain ...
Dec 6, 2023

This vulnerability allows authentication bypass on Netwrix Usercube deployment endpoints in misconfigured on-premises installations, leading to privil...
Nov 28, 2023

CVE-2023-48312 is a privilege escalation vulnerability in capsule-proxy that allows unauthenticated users to bypass token review mechanisms and intera...
Nov 24, 2023

The UserPro WordPress plugin up to version 5.1.1 has an authentication bypass vulnerability in its Facebook login functionality. Unauthenticated attac...
Nov 22, 2023

This vulnerability allows unauthenticated attackers to access, modify, or delete any file in ownCloud if they know a victim's username and that victim...
Nov 21, 2023

CVE-2023-29155 allows unauthenticated attackers to gain root/admin access to INEA ME RTU devices by exploiting missing authentication requirements. Th...
Nov 20, 2023

CVE-2023-44324 is an improper authentication vulnerability in Adobe FrameMaker Publishing Server that allows unauthenticated attackers to bypass secur...
Nov 17, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected Tor IoT devices by sending specially crafted MQTT requests. It affect...
Nov 15, 2023

This vulnerability allows remote attackers to bypass authentication and gain unauthorized privileges in TheHive and Cortex security platforms when usi...
Sep 11, 2023

This vulnerability allows attackers to bypass authentication on MoFi Network MOFI4500-4GXeLTE-V2 routers and execute arbitrary code via crafted HTTP r...
Sep 8, 2023

This vulnerability in Devolutions Remote Desktop Manager allows users to bypass permission checks when using remote tools and macros, enabling unautho...
Aug 21, 2023

This vulnerability allows attackers to bypass authentication in Konga v0.14.9 by crafting malicious JWT tokens. Attackers can gain unauthorized admini...
Aug 16, 2023

CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM (formerly MobileIron Core) that allows remote unauthenticated attackers to acc...
Aug 15, 2023

CVE-2023-35078 is an authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthenticated attackers to access admi...
Jul 25, 2023

This vulnerability allows attackers to bypass authentication on GeoVision GV-ADR2701 security cameras by manipulating login responses. Affected organi...
Jul 19, 2023

CVE-2023-37266 allows unauthenticated attackers to bypass authentication in CasaOS by crafting arbitrary JWTs, gaining root access to execute arbitrar...
Jul 17, 2023

This vulnerability allows unauthenticated attackers to bypass authentication in PowerShield SNMP Web Pro 1.1 by directly accessing CGI scripts without...
Jul 12, 2023

CVE-2023-32222 is an authentication bypass vulnerability in D-Link DSL-G256DG routers that allows attackers to access the web management interface wit...
Jun 28, 2023

Apache Accumulo 2.1.0 has an improper authentication vulnerability where invalid credentials may be accepted, allowing unauthorized access. This affec...
Jun 21, 2023

This CVE describes an improper authentication vulnerability in KB-AHR and KB-IRIP series devices that allows attackers to bypass authentication mechan...
Jun 13, 2023

This vulnerability allows attackers to bypass authentication on Planet Technologies WDRT-1800AX routers by manipulating the LoginStatus cookie, enabli...
Jun 7, 2023

An improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows remote unauthenticated attackers to log in...
May 23, 2023

This vulnerability allows unauthenticated attackers to bypass authentication in WordPress sites using the RegistrationMagic plugin. By exploiting insu...
May 16, 2023

This vulnerability allows unauthenticated attackers to reset passwords for any user account, including administrators, in WordPress sites using the Es...
May 12, 2023

This vulnerability in Shimo VPN Client for macOS allows attackers to bypass authentication by reusing process IDs (PID re-use) in the helper tool. Att...
May 4, 2023

This vulnerability allows unauthenticated attackers to gain administrative privileges on WordPress sites running the Easy Digital Downloads plugin. At...
May 2, 2023

About Improper Authentication (CWE-287)
Our database tracks 745 CVEs classified as CWE-287, with 329 rated critical and 300 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.