CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
All Improper Authentication CVEs (758)
This vulnerability allows remote attackers to gain complete control of systems running vulnerable NVDA Remote add-ons by guessing weak passwords. The ...
Feb 28, 2025

This vulnerability in NVIDIA UFM products allows attackers to bypass authentication by sending malformed requests via the Ethernet management interfac...
Dec 6, 2024

CVE-2023-29117 is an authentication bypass vulnerability in Waybox Enel X web management API that allows attackers to gain administrator privileges wi...
Nov 5, 2024

CVE-2023-22650 is an authentication bypass vulnerability in Rancher where deleted, disabled, or revoked users from external authentication providers r...
Oct 16, 2024

CVE-2024-45148 is an improper authentication vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features and gain...
Oct 10, 2024

This CVE describes an improper authentication vulnerability in TAKENAKA ENGINEERING digital video recorders that allows authenticated remote attackers...
Sep 18, 2024

This CVE describes an authentication bypass vulnerability (CWE-287) in Xiaomi systems that allows attackers to bypass authentication mechanisms. The v...
Aug 28, 2024

This vulnerability allows attackers to bypass two-factor authentication (2FA) in Securepoint UTM by exploiting improper handling of OTP keys. Attacker...
Jul 12, 2024

CVE-2024-6235 is an authentication bypass vulnerability in NetScaler Console that allows unauthenticated attackers to access sensitive information. Th...
Jul 10, 2024

CVE-2024-5201 is an authentication bypass vulnerability in OpenText Dimensions RM that allows authenticated users to escalate their privileges to thos...
May 23, 2024

An authentication bypass vulnerability in Snow License Manager allows attackers to gain unauthorized access when Active Directory authentication is en...
May 14, 2024

This vulnerability allows remote attackers who have obtained valid user credentials to bypass multi-factor authentication (MFA) in the ArmorX Android ...
Apr 29, 2024

This vulnerability allows authenticated attackers to take over other user accounts in Mattermost by exploiting a flaw in authentication switching from...
Mar 15, 2024

This CVE describes an improper authentication vulnerability in Schneider Electric devices that allows unauthorized tampering of device configuration v...
Feb 14, 2024

This vulnerability allows a remote authenticated attacker to bypass multi-factor authentication (MFA) on SonicWall SMA100 SSL-VPN virtual office porta...
Dec 5, 2023

This vulnerability allows authenticated users on Jolokia endpoints in Apache ActiveMQ to execute arbitrary code through JMX MBean operations. Attacker...
Nov 28, 2023

This vulnerability allows unauthenticated access to the Web SSH terminal in Cassia Access Controller. Attackers can bypass authentication and gain SSH...
Oct 27, 2023

This vulnerability allows unauthenticated remote attackers to bypass authentication on SICK Flexi Soft Gateways by capturing and replaying authenticat...
Oct 23, 2023

This vulnerability allows an attacker on the same network to bypass authentication on TP-Link Archer C20 routers and execute arbitrary operating syste...
Sep 6, 2023

CVE-2023-33563 is an authentication bypass vulnerability in PHP Jabbers Time Slots Booking Calendar 3.3 that allows remote attackers to take over user...
Aug 1, 2023

CVE-2022-34155 is an authentication bypass vulnerability in the miniOrange OAuth Single Sign On WordPress plugin. Attackers can bypass authentication ...
Jul 18, 2023

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widgets with authentication bypass vulnerabilities that allow remote attackers to chain with...
Jun 26, 2023

This authentication bypass vulnerability in Qrio Lock smart locks allows network-adjacent attackers to intercept communication and perform unauthorize...
May 23, 2023

This CVE describes an improper authentication vulnerability in multiple ABB Terra AC wallbox electric vehicle charging station models. Attackers can b...
May 17, 2023

This vulnerability allows network-adjacent attackers to bypass authentication on D-Link DIR-1935 routers by exploiting improper HNAP login request han...
Mar 29, 2023

CVE-2023-0228 is an improper authentication vulnerability in ABB Symphony Plus S+ Operations that allows attackers to bypass authentication mechanisms...
Mar 2, 2023

CVE-2021-26637 allows unauthenticated remote attackers to fully control SiHAS SGW-300, ACM-300, and GCM-300 devices due to missing authentication and ...
Jun 23, 2022

This vulnerability in Apache Guacamole allows attackers to impersonate other users when SAML authentication is enabled. It affects Apache Guacamole 1....
Jan 11, 2022

CVE-2021-45379 is an authentication bypass vulnerability in Glewlwyd OAuth2/OIDC server where one user can log in as another user without knowing thei...
Dec 30, 2021

Barrier versions before 2.4.0 have insufficient client identity verification, allowing attackers to spoof connections to the server. This vulnerabilit...
Nov 8, 2021

This vulnerability allows attackers to bypass Bluetooth authentication on Tizen devices, enabling unauthorized access and control without user interac...
Jun 11, 2021

This CVE describes an authentication bypass vulnerability in BlackBerry Workspaces Server's SAML authentication component. Attackers can potentially g...
May 13, 2021

This vulnerability allows attackers to bypass authentication in Atlassian Connect Spring Boot apps by sending context JWTs to lifecycle endpoints that...
May 10, 2021

CVE-2021-27522 is a privilege escalation vulnerability in Learnsite 1.2.5.0 that allows attackers to gain administrator access by manipulating user co...
Apr 8, 2021

This vulnerability allows attackers to bypass authentication controls in NETGEAR switches by exploiting flaws in the NSDP protocol implementation. Att...
Mar 10, 2021

Open5GS 2.1.3 has a default admin password and listens on all network interfaces, allowing attackers to gain administrative access to the 5G core netw...
Jan 26, 2021

This CVE describes an authentication bypass vulnerability in Philips Patient Information Center iX and PerformanceBridge Focal Point medical monitorin...
Sep 11, 2020

CVE-2024-38139 is an improper authentication vulnerability in Microsoft Dataverse that allows authenticated attackers to elevate privileges over a net...
Oct 15, 2024

This vulnerability allows users with multi-factor authentication (MFA) enabled to bypass the token verification process and log in without a valid sec...
Mar 8, 2021

This authentication bypass vulnerability in Semantic machines v5.4.8 allows attackers to access protected API endpoints without valid credentials by s...
Jan 13, 2026

This vulnerability in Extreme Networks Fabric Engine (VOSS) allows attackers to gain unauthorized access to network fabric and configuration data when...
Oct 7, 2025

CVE-2025-29906 is an authentication bypass vulnerability in Finit's getty implementation that allows unauthenticated users to log in as any user witho...
Apr 29, 2025

CVE-2024-21632 is an authentication bypass vulnerability in omniauth-microsoft_graph where the email attribute from Microsoft Graph API responses isn'...
Jan 2, 2024

This vulnerability allows attackers to bypass authentication in Navidrome's subsonic endpoint using a JWT signed with a hardcoded key. It affects all ...
Dec 21, 2023

Parse Server's Apple Game Center authentication adapter had a certificate validation flaw that allowed attackers to bypass authentication by providing...
Jun 17, 2022

CVE-2022-30034 is an OAuth authentication bypass vulnerability in Flower, the web UI for Celery Python RPC framework. This allows attackers to bypass ...
Jun 2, 2022

CVE-2021-21513 is an authentication bypass vulnerability in Dell EMC OpenManage Server Administrator (OMSA) that allows remote unauthenticated attacke...
Mar 2, 2021

An improper authentication vulnerability in Esri Portal for ArcGIS and ArcGIS Enterprise allows authenticated low-privileged attackers to bypass autho...
Apr 4, 2024

This vulnerability allows memory corruption in Qualcomm's Core due to improper secure memory access while loading modem images. Attackers could potent...
Nov 7, 2023

This vulnerability in Logitech Options software allows attackers to perform Cross-Site Request Forgery (CSRF) attacks during OAuth 2.0 authentication ...
May 3, 2022

About Improper Authentication (CWE-287)
Our database tracks 758 CVEs classified as CWE-287, with 333 rated critical and 309 rated high severity. The average CVSS score for Improper Authentication vulnerabilities is 8.3.