CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (758)
This CVE describes multiple authentication bypass vulnerabilities in the WAVLINK WN530H4 router's /cgi-bin/ endpoint. Attackers can access router sett... (Oct 2, 2020)
CVE-2020-26105 is an authentication bypass vulnerability in cPanel's chkservd service that uses insecure test credentials on templated virtual machine... (Sep 25, 2020)
This critical vulnerability allows unauthenticated remote attackers to bypass authentication and gain administrative access to Cisco Firepower Managem... (Sep 23, 2020)
CVE-2020-16098 allows unauthenticated attackers to enumerate access card credentials from Gallagher Command Centre security systems via network connec... (Sep 15, 2020)
This vulnerability allows remote attackers to execute arbitrary code on Tenda AC18 routers without authentication when the administrator UI is configu... (Sep 4, 2020)
CVE-2020-24029 allows unauthenticated attackers to change passwords in ForLogic Qualiex v1 and v3 without proper validation, enabling unauthorized acc... (Sep 2, 2020)
CVE-2020-5777 allows remote attackers to bypass authentication in MAGMI (Magento Mass Importer) by overwhelming database connections and exploiting de... (Sep 1, 2020)
This vulnerability allows unauthenticated attackers to bypass authentication in multiple Zoho ManageEngine products via a Java servlet. Attackers can ... (Aug 31, 2020)
This vulnerability allows remote unauthenticated attackers to bypass authentication and send manipulated communication packets to Yokogawa industrial ... (Aug 5, 2020)
CVE-2020-5616 is an authentication bypass vulnerability in multiple PHP-Factory free edition web applications that allows remote attackers to gain adm... (Aug 4, 2020)
CVE-2020-3297 allows unauthenticated remote attackers to bypass authentication on Cisco Small Business Smart and Managed Switches by brute-forcing wea... (Jul 2, 2020)
This vulnerability allows attackers to bypass authentication on affected Hikvision IP cameras and surveillance devices, potentially gaining unauthoriz... (May 6, 2017)
A signature verification vulnerability in Rapid7 InsightVM's Assertion Consumer Service allows attackers to bypass authentication and gain unauthorize... (Feb 3, 2026)
CVE-2025-66022 is a critical vulnerability in FACTION PenTesting Report Generation Framework that allows unauthenticated attackers to upload malicious... (Nov 26, 2025)
This authentication bypass vulnerability in MAAS allows attackers to execute unauthorized RPC commands without proper credentials. Systems running vul... (Jul 21, 2025)
This vulnerability in authentik allows session hijacking through Remote Access Control (RAC) tokens. An attacker who obtains a RAC token URL (e.g., vi... (Jun 27, 2025)
This vulnerability allows attackers to bypass authentication in Xiaomi Mi Connect Service APP due to flawed validation logic, enabling unauthorized ac... (Jun 23, 2025)
CVE-2025-30215 is an improper access control vulnerability in NATS-Server's JetStream management system. It allows any user with JetStream manage... (Apr 16, 2025)
This vulnerability allows authenticated users of SolarWinds Access Rights Manager to execute arbitrary code remotely by exploiting improper authentica... (Jul 17, 2024)
This vulnerability in VMware's deprecated Enhanced Authentication Plug-in (EAP) allows attackers to trick users into relaying authentication requests,... (Feb 20, 2024)
CVE-2023-28727 is an authentication bypass vulnerability in Panasonic AiSEG2 home energy management systems. Attackers on the same network can bypass ... (Mar 31, 2023)
CVE-2022-24422 is an improper authentication vulnerability in Dell iDRAC9 that allows remote unauthenticated attackers to bypass authentication and ga... (May 26, 2022)
This vulnerability allows unauthenticated attackers to send specially crafted POST requests to Digi PortServer TS 16 Rack devices, enabling SNMP servi... (Sep 17, 2021)
This vulnerability allows unprivileged users to bypass authentication in Arista's Metamako Operating System Web UI under certain conditions. It affect... (Sep 9, 2021)
This vulnerability allows an attacker who has already compromised a network to take control of UniFi Protect cameras on that network. It affects UniFi... (Aug 31, 2021)
Dell EMC iDRAC9 versions 4.40.00.00 through 4.40.10.00 contain an improper authentication vulnerability that allows remote unauthenticated attackers t... (Jul 29, 2021)
This vulnerability allows attackers to bypass email verification requirements in GitLab's OAuth flow, enabling unauthorized account access. It affects... (Aug 10, 2020)
An authentication bypass vulnerability in Mitel MiVoice MX-ONE Provisioning Manager allows unauthenticated attackers to gain unauthorized access to us... (Jan 15, 2026)
This vulnerability allows authentication bypass in ZimaOS by exploiting improper password validation for system service accounts. Attackers can gain a... (Jan 8, 2026)
This vulnerability allows attackers to bypass authentication in Formbricks by forging JWT tokens without signature verification. Attackers who know a ... (Sep 26, 2025)
This critical authentication bypass vulnerability in Ruijie RG-ES series switches allows remote attackers to gain full administrative control without ... (Sep 3, 2025)
This vulnerability allows an attacker to impersonate legitimate nodes in a Meshtastic mesh network by manipulating public key assignments. Attackers c... (Aug 18, 2025)
CVE-2023-6768 is an authentication bypass vulnerability in Amazing Little Poll that allows unauthenticated attackers to access the admin panel without... (Dec 20, 2023)
This vulnerability allows attackers to bypass image verification in Qualcomm Snapdragon chipsets by exploiting improper validation of ELF metadata in ... (Feb 11, 2022)
This critical vulnerability in Sentry's SAML SSO implementation allows attackers to take over any user account by exploiting misconfigured multi-organ... (Feb 21, 2026)
This vulnerability in Antrea's network policy priority assignment system causes incorrect traffic enforcement due to a uint16 arithmetic overflow when... (Feb 6, 2026)
This critical authentication bypass vulnerability in Kanboard allows attackers to impersonate any user, including administrators, by sending spoofed H... (Jan 8, 2026)
Emlog Pro 2.5.23 has a session verification code error that allows attackers to reuse email verification codes. This authentication bypass vulnerabili... (Oct 24, 2025)
A critical authentication bypass vulnerability in PrestaShop Checkout payment module allows attackers to silently log in as any user via email manipul... (Oct 16, 2025)
An unauthenticated path traversal vulnerability in FactoryTalk View Machine Edition allows attackers on the same network to delete arbitrary files on ... (Oct 14, 2025)
This vulnerability allows attackers to bypass authentication in the FTP service of Audi UTR 2.0 Universal Traffic Recorder by using any username/passw... (Sep 12, 2025)
This CVE describes an authentication bypass vulnerability in FOG Project versions 1.5.10.1673 and below that allows unauthenticated attackers to dump ... (Sep 6, 2025)
This vulnerability allows attackers to intercept or manipulate data during downloads due to insecure connection methods. It affects systems using Qual... (Jul 8, 2025)
This vulnerability allows attackers to brute-force authentication tags in session cookies of applications using Auth0-PHP SDK with CookieStore configu... (May 15, 2025)
This CVE describes an improper authentication vulnerability in Adobe ColdFusion that allows high-privileged attackers to bypass authentication mechani... (Apr 8, 2025)
This vulnerability in SPID.AspNetCore.Authentication allows attackers to bypass SAML signature validation by injecting a signed XML element. This enab... (Feb 18, 2025)
A critical SAML SSO vulnerability in Sentry allows attackers to take over any user account by using a malicious SAML Identity Provider and another org... (Jan 15, 2025)
CVE-2024-5805 is an authentication bypass vulnerability in Progress MOVEit Gateway's SFTP modules that allows attackers to gain unauthorized access wi... (Jun 25, 2024)
This vulnerability allows a rogue LTE base station to bypass authentication during network attachment, enabling man-in-the-middle attacks. It affects ... (Jun 3, 2024)
The D-Link DIR-845L router contains a permission bypass vulnerability in the getcfg.php component that allows attackers to access sensitive configurat... (May 6, 2024)
About Improper Authentication (CWE-287)
Our database tracks 758 CVEs classified as CWE-287, with 333 rated critical and 309 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.
External reference: View CWE-287 on MITRE CWE →