CWE-287: Improper Authentication

An improper authentication vulnerability in Esri Portal for ArcGIS and ArcGIS Enterprise allows authenticated low-privileged attackers to bypass autho...

This vulnerability allows memory corruption in Qualcomm's Core due to improper secure memory access while loading modem images. Attackers could potent...

This vulnerability in Logitech Options software allows attackers to perform Cross-Site Request Forgery (CSRF) attacks during OAuth 2.0 authentication ...

Dell Storage Manager version 20.1.20 contains an improper authentication vulnerability that allows adjacent network attackers to bypass authentication...

CVE-2022-30238 is an authentication bypass vulnerability in Schneider Electric Wiser Smart energy management systems that allows attackers to hijack a...

CVE-2021-44458 is a critical authentication bypass vulnerability in Lens Kubernetes IDE that allows malicious websites to make unauthorized websocket ...

This vulnerability in ZITADEL's login interface allows users to bypass configured security policies and self-register accounts or use password authent...

This vulnerability in OneUptime allows attackers to bypass two-factor authentication by replaying stolen WebAuthn assertions. The flaw occurs because ...

This vulnerability in Wekan allows attackers to cause application-layer denial of service (DoS) by sending any non-empty Authorization bearer token to...

The pgjdbc PostgreSQL JDBC driver incorrectly allows connections with authentication methods that don't support channel binding when channel binding i...

This CVE describes an improper authentication vulnerability in Adobe ColdFusion that allows low-privileged local attackers to bypass security controls...

CVE-2024-42336 is an improper authentication vulnerability in Servision products that allows attackers to bypass authentication mechanisms. This affec...

This vulnerability in Bludit allows attackers to bypass authentication by predicting sensitive tokens generated using weak MD5 hashing with predictabl...

This vulnerability in Keyfactor EJBCA allows unauthenticated or less privileged users to access CA certificates (including attributes and public keys)...

Dell BIOS contains an authentication bypass vulnerability that allows a local attacker with physical or administrative access to bypass security contr...

CVE-2023-30845 is an authentication bypass vulnerability in ESPv2 service proxy versions 2.20.0 through 2.42.0. Attackers can craft malicious X-HTTP-M...

This vulnerability in NVIDIA DGX-1 SBIOS allows attackers to execute arbitrary code or bypass security features like SecureBoot due to missing authent...

This vulnerability in Envoy proxy allows attackers to bypass JWT authentication by presenting tokens from unauthorized issuers when the 'allow_missing...

Caddy servers running versions 2.10.0 through 2.11.1 with forward_auth middleware configured are vulnerable to identity injection and privilege escala...

This vulnerability exposes memcached session storage without authentication in WWBN AVideo's Docker configuration, allowing attackers to hijack sessio...

This vulnerability allows unauthorized authentication in Strimzi Kafka clusters when using custom CA certificates with multi-stage chains. Attackers w...

This vulnerability allows attackers to bypass two-factor authentication in Horilla HRMS by omitting the OTP field from authentication requests. When t...

The WPCOM Member WordPress plugin has an authentication bypass vulnerability that allows attackers to brute-force 6-digit OTP codes within a 10-minute...

This vulnerability allows attackers to bypass multi-factor authentication (MFA) in Filament applications by reusing the same recovery code indefinitel...

OctoPrint-SpoolManager plugin versions 1.7.7 and older (stable) and 1.8.0a2 and older (testing) have missing authentication and authorization checks i...

This vulnerability in Cisco IOS and IOS XE software allows attackers to intercept unencrypted TACACS+ authentication messages or impersonate TACACS+ s...

This vulnerability in Progress Software's Hybrid Data Pipeline Server allows attackers to combine OAuth client credentials from both HTTP headers and ...

This CVE describes an authentication bypass vulnerability in Comet System's web-based management interface affecting multiple device models. Attackers...

This CVE describes an authorization bypass vulnerability in Salt's minion event bus. An attacker with a compromised minion key can craft messages to e...

This vulnerability allows unauthenticated attackers to bypass authentication in WordPress sites using the miniOrange Social Login Pro Addon plugin. At...

ManageEngine ADSelfService Plus versions 6510 and below have a session handling vulnerability that allows account takeover. Only valid account holders...

CVE-2023-31279 allows unauthorized attackers to register unmanaged Sierra Wireless devices on the AirVantage platform when the AirVantage Management S...

This vulnerability allows unauthenticated attackers to bypass authentication in WordPress sites using the Pie Register plugin. Attackers can log in as...

This vulnerability in Apache Ozone's S3 Gateway allows any authenticated Kerberos user to revoke and regenerate S3 secrets of any other user, potentia...

This CVE describes an authentication bypass vulnerability where weak authentication mechanisms allow attackers to impersonate legitimate users or reso...

The Heateor Social Login WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing u...

This vulnerability in Okta Verify for iOS allows attackers to bypass push notification authentication by exploiting the iOS ContextExtension feature. ...

The ProfilePress Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user,...

This vulnerability in Lif Authentication Server allows attackers to reset any user's password without providing the required email verification code. ...

This vulnerability in Jenkins OpenId Connect Authentication Plugin allows attackers to bypass authentication by forging ID tokens without proper issue...

CVE-2024-47078 is an authentication and authorization bypass vulnerability in Meshtastic's MQTT implementation that allows unauthorized control of MQT...

CVE-2024-45823 is an authentication bypass vulnerability in Rockwell Automation products where shared secrets across accounts allow threat actors to i...

Mattermost versions with shared channels enabled are vulnerable to a timing attack that allows retrieval of remote cluster tokens. Attackers can explo...

This vulnerability allows authenticated users in Unit4 Financials by Coda to bypass authorization controls and reset passwords for any user account vi...

Dell PowerProtect Data Manager DM5500 appliances running version 5.14.0.0 and earlier contain an improper authentication vulnerability (CWE-287). Remo...

This vulnerability allows authentication bypass in PingFederate's Identifier First Adapter when configured in a specific, non-recommended way. Attacke...

This vulnerability in Teltonika's Remote Management System allows attackers who obtain a device's serial number and MAC address to authenticate as tha...

This vulnerability allows unauthenticated attackers to bypass authentication in the OTP Login Woocommerce & Gravity Forms WordPress plugin by obtainin...

This vulnerability in Apache OpenMeetings allows attackers with access to certain private information to impersonate other users. It affects Apache Op...

This vulnerability in Nexx Smart Home devices allows any user to register an already registered alarm or associated device using only the device's MAC...