CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,321 vulnerabilities with CWE-287
CVE-2025-52054 MEDIUM
Tenda AC8 Firmware < 16.03.33.05 - Unauthenticated Root Password Calculation via MAC Address
CVSS 5.3
CVE-2025-7955 CRITICAL
RingCentral Communications <1.6.8 - Auth Bypass
CVSS 9.8
CVE-2025-9533 HIGH
TOTOLINK T10 4.1.8cu.5241_B20210927 - Auth Bypass
CVSS 7.3
CVE-2025-52395 CRITICAL
Roadcute API v.1 - Unauthenticated Remote Code Execution via Password Reset Endpoint
CVSS 9.8
CVE-2025-50901 CRITICAL
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 - Authentication Bypass and Arbitrary File Read
CVSS 9.8
CVE-2025-55293 CRITICAL
Meshtastic <2.6.3 - Privilege Escalation
CVSS 9.4
CVE-2025-9100 MEDIUM
zhenfeng13 My-Blog 1.0.0 - Auth Bypass
CVSS 5.3
CVE-2025-8964 MEDIUM
Hostel Management System 1.0 - Improper Authentication in Login Component
CVSS 5.3
CVE-2025-51451 CRITICAL
TOTOLINK EX1200T <4.1.2cu.5215 - Auth Bypass
CVSS 9.8
CVE-2025-55171 HIGH
WeGIA < 3.4.8 - Unauthenticated Arbitrary File Deletion via /html/personalizacao_remover.php
CVSS 7.5
CVE-2025-55169 MEDIUM
WeGIA < 3.4.8 - Path Traversal via Download Remessa Endpoint
CVSS 6.5
CVE-2025-53793 HIGH
Azure Stack Hub 1.2406.0.8-1.2406.1.23 - Unauthenticated Information Disclosure
CVSS 7.5
CVE-2025-53778 HIGH
Windows NTLM - Privilege Escalation
CVSS 8.8
CVE-2025-8838 HIGH
WinterChenS my-site - Improper Authentication in Backend Interface
CVSS 7.3
CVE-2025-54888 HIGH
Fedify < 1.3.20 - Incorrect Authorization
CVE-2025-54786 MEDIUM
SuiteCRM 7.14.6 and 8.8.0 - Unauthenticated Meeting Data Access via Legacy iCal Service
CVSS 5.3
CVE-2025-53786 HIGH
Microsoft Exchange Server - Info Disclosure
CVSS 8.0
CVE-2025-8546 MEDIUM
pybbs < 6.0.0 - Improper Authentication via Verification Code Handler
CVSS 5.3
CVE-2025-8348 HIGH
Kehua Charging Pile Cloud Platform 1.0 - Improper Authentication
CVSS 7.3
CVE-2025-54573 MEDIUM
CVAT 1.1.0-2.41.0 - Improper Authentication via Missing Email Verification
CVSS 4.3
CVE-2025-6505 HIGH
Progress Hybrid Data Pipeline < 4.6.2.3275 - Unauthenticated Client Impersonation via OAuth Credential Combination
CVSS 8.1
CVE-2025-54419 CRITICAL
node-saml < 5.1.0 - Authentication Bypass via SAML Assertion Manipulation
CVSS 10.0
CVE-2025-45777 CRITICAL
Chavara Matrimony Site 2.0 - Authentication Bypass via OTP Mechanism
CVSS 9.8
CVE-2025-0249 LOW
HCL IntelliOps Event Management - Improper JWT Token Invalidation
CVSS 3.3
CVE-2025-54452 HIGH
Samsung MagicINFO 9 Server < 21.1080.0 - Authentication Bypass
CVSS 7.3