When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,319 vulnerabilities with CWE-287
CVE-2026-10777
HIGH
ealpha072 Student-Management-System Administrative Backend config.php improper authentication
CVSS 7.3
CVE-2026-49448
CRITICAL
authentik: SourceStage bypass via empty POST
CVSS 9.8
CVE-2026-49443
HIGH
authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
CVSS 8.8
CVE-2026-45289
MEDIUM
CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens
CVSS 5.3
CVE-2026-10619
HIGH
sayan365 student-management-system improper authentication
CVSS 7.3
CVE-2026-5076
CRITICAL
ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2026-10617
HIGH
nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication
CVSS 7.3
CVE-2026-10611
HIGH
OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
CVE-2026-8293
HIGH
Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip
CVSS 7.5
CVE-2026-10548
MEDIUM
NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication
CVSS 5.3
CVE-2026-40964
HIGH
Cloud Foundry log-cache_release <= v3.2.6 & CF Deployment <= v55.?.0 - JWT Authentication Bypass
CVSS 7.5
CVE-2026-10288
HIGH
code-projects Hotel and Tourism Reservation System 1.0 - Improper Authentication via Admin Login Password Parameter
CVSS 7.3
CVE-2026-45691
MEDIUM
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Two-Factor Authentication Bypass via Pre-2FA Session Cookie Reuse
CVSS 5.9
CVE-2026-45690
MEDIUM
Nextcloud Server 32.0.0-32.0.8 and 33.0.0-33.0.2 - Authentication Bypass via Session Token Replay
CVSS 5.9
CVE-2026-45283
MEDIUM
Nextcloud Server 32.0.0-32.0.1 and 33.0.0 - Authenticated File Lock Manipulation via DAV Requests
CVSS 6.3
CVE-2026-10283
MEDIUM
Bottelet DaybydayCRM <= 2.2.1 - Improper Authentication in Setting Handler
CVSS 6.3
CVE-2026-10281
HIGH
Enderfga claw-orchestrator <= 3.5.5 - Missing Authentication in EmbeddedServer API Endpoint
CVSS 7.3
CVE-2026-45156
HIGH
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
CVSS 8.1
CVE-2026-45153
MEDIUM
Nextcloud: PIN bypass in PassCodeActivity via back button
CVSS 4.6
CVE-2026-10243
HIGH
code-projects Smart Parking System Admin Endpoint missing authentication
CVSS 7.3
CVE-2026-10167
HIGH
OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication
CVSS 7.3
CVE-2026-10157
HIGH
Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication
CVSS 7.3
CVE-2026-46579
HIGH
Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend
CVSS 7.4
CVE-2026-49197
CRITICAL
Predator Connect W6x: Improper Authentication
CVSS 9.8
CVE-2026-3655
CRITICAL
OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification
CVSS 9.8
Details
Vulnerabilities: 4,319
Exploit Likelihood: High