CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,320 vulnerabilities with CWE-287
CVE-2025-10772 MEDIUM
huggingface LeRobot <0.3.3 - Missing Authentication
CVSS 6.3
CVE-2025-54761 HIGH
PPress 0.0.9 - Privilege Escalation
CVSS 8.0
CVE-2025-10672 HIGH
whuan132 AIBattery <1.0.9 - Info Disclosure
CVSS 7.8
CVE-2025-34186 CRITICAL
Ilevia EVE X1/X5 Server <= 4.7.18.0.eden - Unauthenticated OS Command Injection via Authentication Mechanism
CVSS 9.8
CVE-2025-31271 HIGH
macOS < 26 - Unauthenticated FaceTime Call Acceptance on Locked Device
CVSS 7.5
CVE-2025-10423 LOW
newbee-mall - Improper Authentication via Guessable CAPTCHA in mallKaptcha Function
CVSS 3.7
CVE-2025-45583 CRITICAL
Audi Universal Traffic Recorder 2.0 - Improper Authentication via FTP
CVSS 9.1
CVE-2025-10365 CRITICAL
Evertz SDVN 3080ipx-10G - Command Injection
CVE-2025-10288 MEDIUM
roncoo-pay <9428382af21cd5568319eae7429b7e1d0332ff40 - Auth Bypass
CVSS 5.3
CVE-2025-58065 MEDIUM
Flask-AppBuilder < 4.8.1 - Improper Authentication via Password Reset Endpoint
CVSS 6.5
CVE-2025-58060 HIGH
OpenPrinting CUPS < 2.4.13 - Authentication Bypass via Basic Auth Header
CVSS 8.0
CVE-2025-54376 HIGH
Hoverfly < 1.12.0 - Unauthenticated Sensitive Information Exposure via Admin WebSocket Endpoint
CVSS 7.5
CVE-2025-56578 MEDIUM
RTSPtoWeb 2.4.3 - Unauthenticated Remote Code Execution and Information Disclosure
CVSS 5.7
CVE-2025-10224 MEDIUM
AxxonSoft Axxon One < 2.0.2 - Authenticated Incorrect LDAP Group Membership Evaluation
CVSS 5.4
CVE-2025-57278 HIGH
Lb-link Bl-cpe300m Firmware - Authentication Bypass
CVSS 8.8
CVE-2025-55234 HIGH
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - SMB Server Relay Attack via Improper Authentication
CVSS 8.8
CVE-2025-54918 HIGH
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Privilege Escalation via NTLM Authentication
CVSS 8.8
CVE-2025-9994 CRITICAL
Amp'ed RF BT-AP 111 - Info Disclosure
CVSS 9.8
CVE-2025-58443 CRITICAL
fogproject < 1.5.10.1673 - Unauthenticated Database Dump via Authentication Bypass
CVSS 9.1
CVE-2025-55241 CRITICAL
Azure Entra ID < - Privilege Escalation
CVSS 10.0
CVE-2025-26438 HIGH
Android - Improper Authentication in SMP Secure Connection OOB Data Processing
CVSS 8.8
CVE-2025-56752 CRITICAL
Ruijie RG-ES Series Firmware - Unauthenticated Authentication Bypass via /user.cgi
CVSS 9.4
CVE-2025-9815 HIGH
alaneuler batteryKid < 2.1 - Improper Authentication in NSXPCListener
CVSS 7.8
CVE-2025-52856 CRITICAL
QVR 5.1.0-5.1.5 - Improper Authentication
CVSS 9.8
CVE-2025-52054 MEDIUM
Tenda AC8 Firmware < 16.03.33.05 - Unauthenticated Root Password Calculation via MAC Address
CVSS 5.3