CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,319 vulnerabilities with CWE-287
CVE-2026-1743 LOW
DJI Mavic Mini, Air, Spark and Mini SE <01.00.0500 - Auth Bypass
CVSS 3.1
CVE-2026-1740 HIGH
EFM ipTIME A8004T <14.18.2 - Auth Bypass
CVSS 7.3
CVE-2026-22764 MEDIUM
Dell OpenManage Network Integration < 3.9 - Improper Authentication
CVSS 4.3
CVE-2026-24003 MEDIUM
EVerest <= 2025.12.1 - Incorrect Authorization via ISO 15118-2 MQTT Messages
CVSS 4.3
CVE-2026-1410 MEDIUM
Beetel 777VR1 < 01.00.09_55 - Improper Authentication via UART Interface
CVSS 6.4
CVE-2026-0633 LOW
MetForm - Contact Form Builder for Elementor <= 4.1.0 - Unauthenticated Sensitive Information Exposure
CVSS 3.7
CVE-2026-24038 HIGH
Horilla 1.4.0 - Authentication Bypass via OTP Field Omission
CVSS 8.1
CVE-2026-1203 MEDIUM
crmeb < 5.6.3 - Improper Authentication via remoteRegister UID Manipulation
CVSS 5.6
CVE-2026-1202 HIGH
crmeb < 5.6.3 - Improper Authentication via Apple Login OpenID Manipulation
CVSS 7.3
CVE-2026-0629 HIGH
TP-Link VIGI InSight Sx45/Sx55/Sx85 and Cx45/Cx55/Cx85 Series - Authentication Bypass via Password Recovery
CVE-2026-22236 CRITICAL
BLUVOYIX - Unauthenticated Improper Authentication in Backend APIs
CVSS 9.8
CVE-2026-0408 HIGH
NETGEAR WiFi Range Extenders - Path Traversal
CVSS 8.0
CVE-2026-0407 HIGH
NETGEAR WiFi Range Extenders - Auth Bypass
CVSS 8.0
CVE-2026-0405 HIGH
NETGEAR Orbi Firmware - Unauthenticated Authentication Bypass
CVSS 7.8
CVE-2026-0842 MEDIUM
Flycatcher Toys smART Sketcher <2.0 - Missing Authentication
CVSS 6.3
CVE-2026-22594 HIGH
Ghost 5.105.0-5.130.5 and 6.0.0-6.10.3 - Authenticated 2FA Bypass via Email Verification Skip
CVSS 8.1
CVE-2026-21891 CRITICAL
ZimaOS <= 1.5.0 - Improper Authentication via Service Account Username
CVSS 9.4
CVE-2026-21881 CRITICAL
Kanboard < 1.2.49 - Unauthenticated Authentication Bypass via Spoofed HTTP Header
CVSS 9.1
CVE-2026-21854 CRITICAL
Tarkov Data Manager < 2025-01-02 - Unauthenticated Authentication Bypass via Prototype Pollution
CVSS 9.8
CVE-2026-21633 HIGH
UniFi Protect < 6.2.72 - Unauthenticated Unauthorized Access via Discovery Protocol
CVSS 8.8
CVE-2026-0589 HIGH
Online Product Reservation System 1.0 - Improper Authentication in Administration Backend
CVSS 7.3
CVE-2025-68712 MEDIUM
SpSoft AppLock 7.9.40 - Authentication Bypass via Insecure Interface Navigation
CVSS 5.5
CVE-2025-46641 MEDIUM
Dell PowerProtect Data Domain 8.4-8.5 - Auth Bypass
CVSS 6.6
CVE-2025-46607 MEDIUM
Dell PowerProtect Data Domain 8.4-8.5 - Auth Bypass
CVSS 6.6
CVE-2025-15484 CRITICAL
Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass
CVSS 9.1
Details
Vulnerabilities 4,319
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits