CWE-287: Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Total CVEs: 758
Critical: 333
High: 309
Avg CVSS: 8.3
In CISA KEV: 2

Yearly Trend

2026: 66
2025: 217
2024: 134
2023: 115
2022: 70

Top Affected Vendors

1. Apache (15)
2. Qualcomm (12)
3. Huawei (11)
4. Microsoft (11)
5. Debian (10)
6. Dlink (9)
7. Cisco (9)
8. Dell (9)
9. Fedoraproject (8)
10. Adobe (8)

All Improper Authentication CVEs (758)

CVE-2023-44039 (CVSS 9.1, Apr 3, 2024): This vulnerability allows an internal unauthenticated attacker who can pass enrollment verifications to register their FIDO authenticator to a victim'...
CVE-2024-2873 (CVSS 9.1, Mar 25, 2024): This vulnerability in wolfSSH allows malicious clients to create SSH channels without authenticating first, leading to unauthorized access to SSH serv...
CVE-2024-2862 (CVSS 9.1, Mar 25, 2024): This vulnerability allows remote attackers to reset passwords for anonymous users without authorization on LG LED Assistant software. Attackers can ga...
CVE-2024-1735 (CVSS 9.1, Feb 26, 2024): This vulnerability in armeria-saml allows attackers to craft malicious SAML messages that bypass authentication mechanisms. All users running armeria-...
CVE-2023-6483 (CVSS 9.1, Dec 18, 2023): CVE-2023-6483 is an improper authentication vulnerability in ADiTaaS backend API that allows unauthenticated remote attackers to send specially crafte...
CVE-2023-33054 (CVSS 9.1, Dec 5, 2023): CVE-2023-33054 is a cryptographic vulnerability in Qualcomm's GPS HLOS driver that allows improper authentication when downloading GNSS assistance dat...
CVE-2023-4562 (CVSS 9.1, Oct 13, 2023): This vulnerability allows remote unauthenticated attackers to read sequence programs from or write malicious programs/data to Mitsubishi Electric MELS...
CVE-2023-28540 (CVSS 9.1, Oct 3, 2023): This vulnerability in Qualcomm Data Modem chips allows attackers to bypass TLS authentication during handshake, potentially enabling man-in-the-middle...
CVE-2023-40260 (CVSS 9.1, Aug 11, 2023): CVE-2023-40260 allows attackers to bypass multi-factor authentication in EmpowerID by using stolen credentials to change account email addresses. This...
CVE-2023-20214 (CVSS 9.1, Aug 3, 2023): An unauthenticated remote attacker can exploit insufficient request validation in the REST API of Cisco SD-WAN vManage software to gain read or limite...
CVE-2023-37471 (CVSS 9.1, Jul 20, 2023): OpenAM up to version 14.7.2 has a critical SAML signature validation vulnerability that allows attackers to impersonate any user, including administra...
CVE-2023-3065 (CVSS 9.1, Jun 5, 2023): This CVE describes an authentication bypass vulnerability in the Mobatime AMXGT100 mobile application. Attackers can bypass authentication mechanisms ...
CVE-2023-31123 (CVSS 9.1, May 8, 2023): This vulnerability allows any user with a valid password to log in as any other user on affected tripreporter instances. It affects all users of self-...
CVE-2023-27582 (CVSS 9.1, Mar 13, 2023): This CVE describes an authentication bypass vulnerability in the maddy mail server. Attackers can bypass authentication entirely by specifying a diffe...
CVE-2023-22501 (CVSS 9.1, Feb 1, 2023): This authentication vulnerability in Jira Service Management allows attackers to impersonate users and gain unauthorized access by intercepting signup...
CVE-2022-31013 (CVSS 9.1, May 31, 2022): CVE-2022-31013 is an authentication bypass vulnerability in Vartalap Chat Server versions 2.3.2 through 2.5.x. The bug occurs because the server doesn...
CVE-2022-24882 (CVSS 9.1, Apr 26, 2022): This vulnerability allows attackers to bypass NTLM authentication in FreeRDP-based RDP servers by providing an empty password. This affects FreeRDP se...
CVE-2022-26034 (CVSS 9.1, Apr 15, 2022): CVE-2022-26034 is an improper authentication vulnerability in Yokogawa CENTUM VP and B/M9000 VP industrial control systems. Attackers can bypass authe...
CVE-2022-25157 (CVSS 9.1, Apr 1, 2022): This vulnerability in Mitsubishi Electric MELSEC PLCs allows remote unauthenticated attackers to use intercepted password hashes for authentication in...
CVE-2022-23383 (CVSS 9.1, Mar 10, 2022): CVE-2022-23383 is an authentication bypass vulnerability in YzmCMS v6.3 that allows unauthenticated attackers to access other users' personal home pag...
CVE-2022-0715 (CVSS 9.1, Mar 9, 2022): CVE-2022-0715 is an improper authentication vulnerability in APC Smart-UPS and SmartConnect UPS devices, allowing attackers to upload malicious f...
CVE-2021-43834 (CVSS 9.1, Dec 16, 2021): This vulnerability allows attackers to authenticate as existing users in eLabFTW instances configured with LDAP or SAML single sign-on authentication....
CVE-2020-11264 (CVSS 9.1, Sep 8, 2021): This vulnerability allows attackers to inject arbitrary network packets during Wi-Fi authentication handshakes by exploiting improper authentication o...
CVE-2020-28050 (CVSS 9.1, Mar 5, 2021): This vulnerability in Zoho ManageEngine Desktop Central allows multiple agents to use the same authentication secret when communicating with the serve...
CVE-2020-26214 (CVSS 9.1, Nov 6, 2020): This vulnerability allows authentication bypass in Alerta monitoring systems configured with LDAP authentication. Attackers can gain unauthorized acce...
CVE-2020-15243 (CVSS 9.1, Oct 8, 2020): This CVE describes an authentication bypass vulnerability in Smartstore Web API due to a missing authentication attribute. Attackers can access admini...
CVE-2020-25251 (CVSS 9.1, Sep 11, 2020): CVE-2020-25251 is an authentication bypass vulnerability in Hyland OnBase where client-side authentication is used for critical administrative functio...
CVE-2020-9233 (CVSS 9.1, Aug 17, 2020): CVE-2020-9233 is an insufficient authentication vulnerability in Huawei FusionCompute 8.0.0 that allows attackers to delete files and disrupt services...
CVE-2024-38124 (CVSS 9.0, Oct 8, 2024): This vulnerability allows attackers to elevate privileges on Windows systems by exploiting a flaw in the Netlogon protocol. It affects Windows servers...
CVE-2024-47070 (CVSS 9.0, Sep 27, 2024): This vulnerability allows attackers to bypass password authentication in authentik by sending a malformed X-Forwarded-For header containing a non-IP a...
CVE-2023-2586 (CVSS 9.0, May 22, 2023): This vulnerability allows unauthorized attackers to register unmanaged Teltonika devices to their own Remote Management System (RMS) accounts. If expl...
CVE-2023-31127 (CVSS 9.0, May 8, 2023): This vulnerability allows an attacker to bypass mutual authentication in libspdm sessions when both DHE and PSK session types are supported. An attack...
CVE-2020-7293 (CVSS 9.0, Sep 15, 2020): This vulnerability allows authenticated users with low privileges in McAfee Web Gateway to change the system's root password due to improper access co...
CVE-2026-30223 (CVSS 8.8, Mar 6, 2026): This vulnerability in OliveTin allows authentication bypass when JWT authentication is configured. Attackers can use validly signed JWT tokens intende...
CVE-2026-25922 (CVSS 8.8, Feb 12, 2026): This vulnerability in authentik allows attackers to bypass SAML authentication by injecting malicious assertions before legitimate signed ones. It aff...
CVE-2025-64175 (CVSS 8.8, Feb 6, 2026): Gogs versions 0.13.3 and earlier have a critical authentication bypass vulnerability where 2FA recovery codes are not scoped to specific users. An att...
CVE-2025-64423 (CVSS 8.8, Jan 5, 2026): In Coolify versions up to v4.0.0-beta.434, low-privileged users (members) can intercept and use administrator invitation links before the intended rec...
CVE-2026-21633 (CVSS 8.8, Jan 5, 2026): An attacker on the same network can exploit a discovery protocol vulnerability in UniFi Protect Application to gain unauthorized access to UniFi Prote...
CVE-2025-9803 (CVSS 8.8, Nov 25, 2025): This vulnerability allows account takeover in lunary-ai/lunary due to improper Google OAuth authentication. Attackers can use access tokens from malic...
CVE-2025-6979 (CVSS 8.8, Oct 23, 2025): This vulnerability allows attackers to bypass authentication mechanisms in captive portal systems, potentially gaining unauthorized network access. Or...
CVE-2025-41110 (CVSS 8.8, Oct 22, 2025): Encrypted WiFi and SSH credentials are exposed in the Ghost Robotics Vision 60 APK, allowing attackers to connect to the robot's WiFi network and gain...
CVE-2025-10293 (CVSS 8.8, Oct 15, 2025): The Keyy Two Factor Authentication plugin for WordPress has a privilege escalation vulnerability that allows authenticated attackers with subscriber-l...
CVE-2025-54918 (CVSS 8.8, Sep 9, 2025): This vulnerability allows an authenticated attacker to exploit improper authentication in Windows NTLM to elevate privileges over a network. It affect...
CVE-2025-26438 (CVSS 8.8, Sep 4, 2025): This vulnerability allows attackers to bypass Bluetooth Secure Simple Pairing (SMP) authentication without user interaction, potentially enabling unau...
CVE-2024-57491 (CVSS 8.8, Aug 20, 2025): An authentication bypass vulnerability in jobx allows attackers to access sensitive APIs without valid authentication tokens by exploiting the preHand...
CVE-2025-53778 (CVSS 8.8, Aug 12, 2025): CVE-2025-53778 is an improper authentication vulnerability in Windows NTLM that allows an authenticated attacker to elevate privileges over a network....
CVE-2025-6926 (CVSS 8.8, Jul 3, 2025): An improper authentication vulnerability in MediaWiki's CentralAuth extension allows attackers to bypass authentication mechanisms. This affects Media...
CVE-2025-6916 (CVSS 8.8, Jun 30, 2025): This critical vulnerability in TOTOLINK T6 routers allows attackers to bypass authentication on the login form by manipulating authCode/goURL paramete...
CVE-2024-6174 (CVSS 8.8, Jun 26, 2025): Cloud-init grants root access to a hardcoded URL with a local IP address when detecting a non-x86 platform. This vulnerability affects systems using c...
CVE-2025-32879 (CVSS 8.8, Jun 20, 2025): COROS PACE 3 fitness watches through version 3.0808.0 automatically advertise via Bluetooth Low Energy when not connected to a paired device, allowing...

About Improper Authentication (CWE-287)

Our database tracks 758 CVEs classified as CWE-287, with 333 rated critical and 309 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.

External reference: CWE-287 on MITRE CWE