CWE-287: Improper Authentication

This vulnerability allows unauthenticated attackers to gain administrative privileges on WordPress sites running the Easy Digital Downloads plugin. At...

CVE-2022-35898 is an authentication bypass vulnerability in OpenText BizManager that allows any authenticated user to change passwords for any other u...

The Profile Builder WordPress plugin up to version 3.9.0 uses plaintext password reset keys instead of hashed values, allowing attackers to reset user...

This vulnerability affects the OR1200 processor's ALU unit, where the overflow flag is not updated correctly for msb and mac instructions. This can ca...

CVE-2023-24831 is an authentication bypass vulnerability in Apache IoTDB Grafana Connector that allows attackers to log in without proper credentials....

The ZM Ajax Login & Register WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existi...

This vulnerability allows attackers to bypass two-factor authentication in LIVEBOX Collaboration vDesk by manipulating client-side verification of TOT...

CVE-2023-28121 is an authentication bypass vulnerability in WooCommerce Payments plugin for WordPress that allows unauthenticated attackers to imperso...

This vulnerability in LemonLDAP::NG allows attackers to bypass two-factor authentication (2FA) by exploiting weak session ID generation in the AuthBas...

CVE-2023-28398 allows unauthenticated attackers to create accounts and bypass authentication on Osprey Pump Controller version 1.01, gaining unauthori...

CVE-2023-28609 is an authentication bypass vulnerability in Ansible Semaphore's API authentication handler. It allows attackers to bypass authenticati...

CVE-2023-28461 is a critical remote code execution vulnerability in Array Networks AG Series and vxAG SSL VPN gateways. Attackers can exploit this wit...

CVE-2023-1327 is an authentication bypass vulnerability in Netgear RAX30 routers that allows unauthenticated attackers to reset the admin password and...

This critical vulnerability in H3C A210-G wireless access points allows attackers to bypass authentication without requiring any password. Attackers c...

The Motorola ACE1000 RTU has five preconfigured accounts with default credentials, including two undocumented accounts. This allows attackers to gain ...

This vulnerability allows authentication bypass in LemonLDAP::NG when using the RESTServer plugin with Kerberos authentication combined with another m...

CVE-2022-2197 is an authentication bypass vulnerability in certain industrial control system devices. Attackers with network access to the web interfa...

This CVE describes a critical backdoor vulnerability in multiple Xiaongmai DVR/NVR/IP camera models and firmware versions. The vulnerability exists du...

CVE-2022-33750 is an authentication bypass vulnerability in CA Automic Automation agents that allows remote attackers to execute arbitrary commands wi...

This vulnerability allows unauthenticated remote attackers to bypass LDAP authentication on Cisco Secure Email and Web Manager (formerly SMA) and Cisc...

Online Sports Complex Booking System v1.0 contains an authentication bypass vulnerability that allows attackers to take over user accounts via crafted...

This vulnerability allows unauthenticated attackers to change application settings in Tecson Tankspion and GOKs SmartBox 4 products by accessing a spe...

This authentication bypass vulnerability in Kopano Core and Zarafa Collaboration Platform allows attackers to authenticate with expired user accounts ...

This vulnerability in Joomla! allows account takeover under specific circumstances because user authentication rows aren't properly bound to authentic...

This authentication bypass vulnerability in Zyxel firewall CGI programs allows attackers to circumvent web authentication and gain administrative acce...

This vulnerability allows unauthenticated attackers to remotely reset D-Link DIR-816 A2 routers to factory defaults via a crafted HTTP request. Attack...

CVE-2022-0730 is an authentication bypass vulnerability in Cacti that allows attackers to gain unauthorized access under specific LDAP configurations....

CVE-2022-24259 is an authentication bypass vulnerability in Voipmonitor GUI's cdr.php component that allows unauthenticated attackers to escalate priv...

This vulnerability allows attackers to bypass LDAP authentication in Unisys OS 2200 Messaging Integration Services due to improper password validation...

CVE-2022-23178 allows unauthenticated attackers to retrieve administrative credentials from Crestron HD-MD4X2-4K-E HDMI switchers by accessing aj.html...

CVE-2021-34993 is an authentication bypass vulnerability in Commvault CommCell's CVSearchService that allows remote attackers to access the system wit...

This vulnerability allows attackers to reset passwords on Dahua devices through improper access control in the password reset process. It affects Dahu...

This vulnerability allows attackers to bypass authentication in StarWind SAN/NAS and Command Center by injecting self-signed JWT tokens into the updat...

CVE-2021-45890 is an authentication bypass vulnerability in AuthGuard's BasicAuthProvider that allows authentication using inactive user identifiers. ...

CVE-2021-44676 is an authentication bypass vulnerability in Zoho ManageEngine Access Manager Plus that allows unauthenticated attackers to view sensit...

CVE-2021-4073 is an authentication bypass vulnerability in the RegistrationMagic WordPress plugin that allows unauthenticated attackers to log in as a...

CVE-2021-43931 is an authentication bypass vulnerability in WebHMI portal software that allows attackers to circumvent authentication mechanisms and g...

CVE-2021-43786 is an authentication bypass vulnerability in NodeBB forum software where incorrect token verification logic allowed attackers to gain m...

This vulnerability allows attackers to bypass authentication in Apache ShenYu Admin by exploiting incorrect JWT implementation. It affects Apache Shen...

This CVE describes an authentication bypass vulnerability in Juniper Networks 128 Technology Session Smart Router where an attacker can use an interna...

This vulnerability allows attackers to bypass authentication in Hero-CT060 devices and perform unauthorized operations. It affects all Hero-CT060 devi...

This vulnerability in Grafana allows unauthenticated or authenticated users to view and delete the snapshot with the lowest database key via specific ...

This vulnerability allows attackers to bypass authentication on PTCL HG150-Ub v3.0 routers by manipulating cookie values and response paths. Attackers...

This vulnerability allows attackers to perform unauthorized actions in IBM Cloud Pak for Security due to improper authentication controls. Attackers c...

CVE-2021-35943 allows externally managed users in Couchbase Server to authenticate with empty passwords, violating RFC4513 authentication requirements...

This vulnerability allows attackers to bypass authentication on REST endpoints when DIGEST authentication is configured in Red Hat DataGrid and Infini...

CVE-2021-41317 is an authentication bypass vulnerability in XSS Hunter Express that allows unauthenticated attackers to access administrative paths. T...

CVE-2021-41303 is an authentication bypass vulnerability in Apache Shiro when used with Spring Boot. A specially crafted HTTP request can allow attack...

CVE-2021-33044 is an authentication bypass vulnerability in certain Dahua security products that allows attackers to gain unauthorized access by sendi...

CVE-2021-40350 is an authentication bypass vulnerability in Christie Digital DWU850-GS projectors that allows attackers to perform any administrative ...