When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,073 vulnerabilities with CWE-287
CVE-2026-3794
HIGH
doramart DoraCMS 3.0.x - Auth Bypass
CVSS 7.3
CVE-2026-3739
MEDIUM
suitenumerique messages 0.2.0 - Auth Bypass
CVSS 6.3
CVE-2026-30863
Parse Server <8.6.10/9.5.0-alpha.11 - Auth Bypass
CVE-2026-30851
HIGH
Caddy 2.10.0-2.11.1 - Privilege Escalation
CVSS 8.1
CVE-2026-29193
HIGH
ZITADEL 4.0.0-4.12.0 - Auth Bypass
CVSS 8.2
CVE-2026-30223
HIGH
OliveTin <3000.11.1 - Auth Bypass
CVSS 8.8
CVE-2026-30831
Rocket.Chat <8.2.0 - Auth Bypass
CVE-2026-28514
Rocket.Chat <8.0.0 - Auth Bypass
CVE-2026-28800
MEDIUM
Natro Macro <1.1.0 - Unauthenticated RCE
CVSS 6.4
CVE-2026-28787
HIGH
OneUptime <=10.0.11 - Auth Bypass
CVSS 8.2
CVE-2026-28428
MEDIUM
Talishar <a9c218e - Auth Bypass
CVSS 5.3
CVE-2026-29093
HIGH
WWBN AVideo <24.0 - Session Hijacking
CVSS 8.1
CVE-2026-28471
MEDIUM
OpenClaw 2026.1.14-1 - Auth Bypass
CVSS 5.3
CVE-2026-3224
CRITICAL
Devolutions Server <2025.3.15.0 - Auth Bypass
CVSS 9.8
CVE-2026-24898
CRITICAL
OpenEMR <8.0.0 - Info Disclosure
CVSS 10.0
CVE-2026-23600
HPE AutoPass License Server - Auth Bypass
CVE-2026-28408
CRITICAL
WeGIA <3.6.5 - Auth Bypass
CVSS 9.8
CVE-2026-27939
HIGH
Statmatic 6.0.0-6.3.9 - Privilege Escalation
CVSS 8.8
CVE-2026-1305
MEDIUM
Japanized for WooCommerce <=2.8.4 - Auth Bypass
CVSS 5.3
CVE-2026-28215
CRITICAL
Hoppscotch <2026.2.0 - Auth Bypass
CVSS 9.1
CVE-2025-71057
HIGH
D-Link DSL-124 ME_1.00 - Session Hijacking
CVSS 8.2
CVE-2026-26077
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
CVSS 6.5
CVE-2026-27968
MEDIUM
Packistry <0.13.0 - Auth Bypass
CVSS 4.3
CVE-2026-3194
MEDIUM
Chia Blockchain 2.1.0 - Auth Bypass
CVSS 4.5
CVE-2026-3192
MEDIUM
Chia Blockchain 2.1.0 - Auth Bypass
CVSS 5.6
Details
Vulnerabilities
4,073
Exploit Likelihood
High