CWE-287: Improper Authentication

This vulnerability allows attackers to bypass authentication and access sensitive configuration and diagnostic endpoints in VMware Workspace ONE Acces...

This vulnerability allows attackers to bypass CAPTCHA protection in Zoho ManageEngine ADSelfService Plus, potentially enabling brute-force attacks or ...

CVE-2021-37597 is an authentication bypass vulnerability in WP Cerber security plugin for WordPress that allows attackers to bypass multi-factor authe...

This vulnerability in the Profile Builder WordPress plugin allows any user to reset the administrator password without proper authorization, potential...

CVE-2014-9320 is a critical vulnerability in SAP BusinessObjects Edge 4.1 that allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_T...

This vulnerability allows attackers to bypass authentication in IBM InfoSphere Data Replication and Change Data Capture for z/OS by using an empty pas...

CVE-2021-34690 allows unauthenticated remote attackers to bypass cloud authentication in iDrive RemotePC for Windows, enabling them to connect to and ...

CVE-2021-21994 is an authentication bypass vulnerability in SFCB (Small Footprint CIM Broker) used in VMware ESXi. An attacker with network access to ...

CVE-2021-20776 is an authentication bypass vulnerability in specific Sharp and Aterm routers that allows attackers to execute arbitrary commands via t...

This authentication bypass vulnerability in Zyxel security appliances allows remote attackers to execute arbitrary commands without valid credentials....

CVE-2021-30648 is an authentication bypass vulnerability in Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles. Unauthenticate...

CVE-2021-21998 is an authentication bypass vulnerability in VMware Carbon Black App Control that allows attackers with network access to the managemen...

This vulnerability in SAP NetWeaver ABAP Server and ABAP Platform allows improper authentication due to inconsistent formatting of RFC user informatio...

This critical vulnerability in Bosch IP cameras allows unauthenticated remote attackers to extract sensitive information or modify camera settings by ...

This CVE describes an authentication bypass vulnerability in CHIYU Technology's telnet server implementation for specific IoT converter devices. Attac...

This vulnerability allows attackers to bypass Active Directory authentication on BIG-IP APM systems by spoofing Kerberos authentication responses. Aff...

Hongdian H8922 devices have a backdoor telnet service on port 5188 with hardcoded superuser credentials (root:superzxmn). This allows attackers to gai...

This vulnerability allows unauthenticated attackers to bypass authentication on ASUS GT-AC2900 and Lyra Mini routers by sending specially crafted inpu...

This vulnerability allows remote attackers to bypass authentication in Online Book Store v1.0 via the admin_verify.php file, enabling unauthorized acc...

CVE-2021-27651 is an authentication bypass vulnerability in Pega Infinity that allows attackers to reset passwords for local accounts without proper a...

CVE-2021-20020 is a critical authentication bypass vulnerability in SonicWall Global Management System (GMS) that allows remote unauthenticated attack...

CVE-2021-22507 is an authentication bypass vulnerability in Micro Focus Operations Bridge Manager that allows remote attackers to gain unauthorized ac...

This critical vulnerability in the Plus Addons for Elementor WordPress plugin allows unauthenticated attackers to bypass authentication completely. At...

CVE-2021-29012 is a critical authentication bypass vulnerability in DMA Softlab Radius Manager 4.4.0 where the same static session cookie is assigned ...

This vulnerability allows unauthenticated attackers to bypass authentication in the MStore API WordPress plugin by exploiting a business logic flaw in...

This vulnerability allows local attackers to execute arbitrary code via Salt without valid credentials due to improper authentication. It affects SUSE...

This vulnerability in SaltStack Salt allows unauthenticated remote attackers to execute arbitrary wheel modules on the Salt master via salt-api. The w...

This vulnerability allows authentication bypass in Epikur software by using a hardcoded backdoor password. Any attacker who discovers this password ca...

CVE-2020-17523 is an authentication bypass vulnerability in Apache Shiro when used with Spring. Attackers can craft HTTP requests to bypass authentica...

This vulnerability allows attackers with a specific private key to authenticate as root on affected Mofi routers without knowing the actual root passw...

Loxone Miniserver devices with vulnerable firmware cannot properly authenticate with cloud services, allowing attackers to spoof devices and potential...

This critical vulnerability in NEC server BMC firmware allows remote attackers to bypass authentication entirely. Attackers can then access/modify BMC...

The Limit Login Attempts WordPress plugin before version 1.7.1 fails to clear authentication cookies when locking out users after failed login attempt...

CVE-2020-25848 is an authentication bypass vulnerability in HGiga MailSherlock that allows remote attackers to gain administrative privileges using we...

This vulnerability allows attackers to bypass authentication in Zammad's SSO endpoint by sending a crafted header when SSO is not configured. Attacker...

CVE-2020-24675 is an authentication bypass vulnerability in ABB's S+ Operations and S+ History software that allows unauthenticated attackers to injec...

This Linux-PAM vulnerability allows authentication bypass for non-existent users with empty passwords, effectively granting root access. It affects Li...

This vulnerability in Trend Micro InterScan Web Security Virtual Appliance allows an attacker to combine CSRF bypass and authentication bypass vulnera...

CVE-2020-4747 is an authentication bypass vulnerability in IBM Connect:Direct for UNIX that allows local or remote users to obtain authenticated CLI s...

This vulnerability allows unauthenticated attackers to bypass authentication on Western Digital My Cloud OS 5 devices, gaining administrative access t...

This vulnerability allows unauthenticated attackers to bypass authentication on Western Digital My Cloud OS 5 devices and execute privileged commands....

This vulnerability allows authentication bypass on Fujitsu Eternus Storage DX200 S4 devices. After a root user logs into the web portal, attackers can...

CVE-2019-20933 is an authentication bypass vulnerability in InfluxDB where JWT tokens with empty shared secrets are incorrectly accepted as valid. Thi...

CVE-2020-28638 is a critical authentication bypass vulnerability in Tomb's password handling. When pinentry-curses is used with a non-empty DISPLAY en...

This vulnerability allows authentication bypass in Hazelcast IMDG Enterprise and Jet Enterprise when using LDAP authentication with system-user-dn con...

This vulnerability allows authentication bypass in MongoDB Simple LDAP plugin for Percona Server when using SimpleLDAP authentication with Microsoft A...

CVE-2020-25592 is an authentication bypass vulnerability in SaltStack Salt's REST API (salt-netapi) that allows attackers to execute arbitrary command...

CVE-2020-17510 is an authentication bypass vulnerability in Apache Shiro when used with Spring. A specially crafted HTTP request can bypass authentica...

CVE-2020-7197 is a critical authentication bypass vulnerability in HPE StoreServ Management Console (SSMC) 3.7.0.0 that allows remote attackers to gai...

CVE-2020-24629 is an authentication bypass vulnerability in HPE Intelligent Management Center's urlaccesscontroller component. Attackers can remotely ...