CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,320 vulnerabilities with CWE-287
CVE-2025-66698 HIGH
Semantic machines <5.4.8 - Auth Bypass
CVSS 8.6
CVE-2025-69273 HIGH
Broadcom DX NetOps Spectrum < 24.3.11 - Authentication Bypass
CVSS 7.5
CVE-2025-68717 CRITICAL
KAYSUS KS-WR3600 1.0.5.9.1 - Auth Bypass
CVSS 9.4
CVE-2025-15224 LOW
curl 7.58.0-8.17.9 - Improper Authentication via SSH Agent
CVSS 3.1
CVE-2025-15346 CRITICAL
wolfssl-py <= 5.8.2 - Improper Authentication via Missing WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT Flag
CVE-2025-14942 CRITICAL
wolfssh < 1.4.22 - Authentication Bypass via Key Exchange State Manipulation
CVSS 9.8
CVE-2025-60534 CRITICAL
Blue Access Cobalt v02.000.195 - Auth Bypass
CVSS 9.8
CVE-2025-69197 MEDIUM
Pterodactyl <1.11.11 - Info Disclosure
CVSS 6.5
CVE-2025-64423 HIGH
Coolify <= 4.0.0-beta.434 - Privilege Escalation via Invitation Link Hijacking
CVSS 8.8
CVE-2025-15458 HIGH
MiniCMS < 1.8 - Improper Authentication in Article Handler
CVSS 7.3
CVE-2025-15457 HIGH
MiniCMS < 1.8 - Improper Authentication in Trash File Restore Handler
CVSS 7.3
CVE-2025-15456 HIGH
MiniCMS < 1.8 - Improper Authentication in Publish Page Handler
CVSS 7.3
CVE-2025-15455 MEDIUM
MiniCMS < 1.8 - Improper Authentication in File Recovery Request Handler
CVSS 6.5
CVE-2025-67158 HIGH
Revotech I6032W-FHW v1.0.0014 - 20210517 - Authentication Bypass via /cgi-bin/jvsweb.cgi
CVSS 7.5
CVE-2025-68926 CRITICAL
RustFS <1.0.0-alpha.78 - Auth Bypass
CVSS 9.8
CVE-2025-65925 MEDIUM
Zeroheight <2025-06-13 - Info Disclosure
CVSS 6.5
CVE-2025-56333 CRITICAL
pangolin < 1.7.0 - Remote Privilege Escalation via 2FA Component
CVSS 9.8
CVE-2025-15069 HIGH
Gmission Web Fax 3.0 - Improper Authentication
CVSS 7.1
CVE-2025-15135 MEDIUM
joey-zhou xiaozhi-esp32-server-java <4.0.0 - Auth Bypass
CVSS 6.3
CVE-2025-15099 HIGH
sim < 0.5.27 - Improper Authentication via INTERNAL_API_SECRET Manipulation
CVSS 7.3
CVE-2025-15097 HIGH
Alteryx Server - Improper Authentication via /gallery/api/status/
CVSS 7.3
CVE-2025-66174 MEDIUM
Hikvision DS-7104HGHI-F1 & DS-7204HGHI-F1 < 4.30.122_201107 - Unauthenticated Privilege Escalation via Serial Port
CVSS 6.5
CVE-2025-14908 MEDIUM
JeecgBoot < 3.9.0 - Improper Authentication in Multi-Tenant Management Module
CVSS 6.3
CVE-2025-13427 MEDIUM
Google Cloud Dialogflow CX Messenger - Auth Bypass
CVE-2025-14738 HIGH
TP-Link TL-WA850RE Firmware < 160527 - Unauthenticated Configuration File Disclosure
CVSS 7.5