CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,319 vulnerabilities with CWE-287
CVE-2025-71279 [CRITICAL, CVSS 9.8]: XenForo Passkey Security Bypass
CVE-2025-14716 [MEDIUM, CVSS 6.5]: Unauthorized access to information
CVE-2025-68402 [HIGH]: FreshRSS 57e1a37-00f2f04 - Auth Bypass
CVE-2025-71057 [HIGH, CVSS 8.2]: D-Link DSL-124 ME_1.00 - Session Hijacking
CVE-2025-70833 [CRITICAL, CVSS 9.4]: Smanga 3.2.7 - Unauthenticated Authentication Bypass via Password Reset Parameter Manipulation
CVE-2025-41023 [MEDIUM]: Thesamur AutoGPT - Authentication Bypass
CVE-2025-15586 [CRITICAL]: OGP-Website < 52f865a4fba763594453068acf8fa9e3fc38d663 - Authentication Bypass via Type Juggling
CVE-2025-15581 [MEDIUM]: Orthanc <1.12.10 - Privilege Escalation
CVE-2025-7630 [MEDIUM, CVSS 5.3]: Wispotter <2025.10.08.1 - Auth Bypass
CVE-2025-68663 [MEDIUM, CVSS 5.3]: Outline < 1.1.0 - Suspended User WebSocket Connection Retention
CVE-2025-65128 [HIGH, CVSS 8.1]: Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 - Auth Bypass
CVE-2025-65127 [MEDIUM, CVSS 6.5]: Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 - Info Disclosure
CVE-2025-10463 [HIGH, CVSS 7.3]: Birtech Senseway <09022026 - Auth Bypass
CVE-2025-64175 [HIGH, CVSS 8.8]: Gogs < 0.13.4 - Two-Factor Authentication Bypass via Recovery Code Reuse
CVE-2025-70841 [CRITICAL, CVSS 10.0]: Amcoders Dokans - Authentication Bypass
CVE-2025-62349 [MEDIUM, CVSS 6.2]: Salt 3006.12-3006.16 and 3007.4-3007.8 - Authentication Bypass via Protocol Downgrade
CVE-2025-6723 [MEDIUM]: Chef InSpec <5.23 - Privilege Escalation
CVE-2025-12810 [MEDIUM, CVSS 6.5]: Delinea Inc. Secret Server On-Prem - Improper Authentication
CVE-2025-69822 [HIGH, CVSS 7.4]: Atomberg Erica Smart Fan Firmware V1.0.36 - Exposure of Sensitive Information via Crafted Deauth Frame
CVE-2025-67822 [CRITICAL, CVSS 9.4]: Mitel MiVoice MX-ONE 7.3-7.8 SP1 - Unauthenticated Authentication Bypass in Provisioning Manager
CVE-2025-65397 [MEDIUM, CVSS 6.8]: Blurams Flare Camera < 24.1114.151.929 - Unauthenticated Arbitrary Command Execution via Crafted auth.ini File
CVE-2025-37184 [CRITICAL, CVSS 9.8]: Aruba EdgeConnect SD-WAN Orchestrator 9.2.0-9.2.9 - Unauthenticated Multi-Factor Authentication Bypass
CVE-2025-67859 [MEDIUM]: TLP 1.9-1.9.1 - Improper Authentication
CVE-2025-68931 [HIGH, CVSS 7.5]: Jervis < 2.2 - Improper Authentication via AES/CBC/PKCS5Padding
CVE-2025-66698 [HIGH, CVSS 8.6]: Semantic machines <5.4.8 - Auth Bypass