CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,321 vulnerabilities with CWE-287
CVE-2025-41459 HIGH
Two App Studio Journey <5.5.6 - Auth Bypass
CVSS 7.8
CVE-2025-53771 MEDIUM
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
CVSS 6.5
CVE-2025-7897 HIGH
harry0703 MoneyPrinterTurbo <1.2.6 - Auth Bypass
CVSS 7.3
CVE-2025-7875 HIGH
MetaCRM < 6.4.2 - Improper Authentication via /debug.jsp
CVSS 7.3
CVE-2025-7862 HIGH
TOTOLINK T6 4.1.5cu.748_B20211015 - Missing Authentication
CVSS 7.3
CVE-2025-37107 HIGH
HPE AutoPass License Server < 9.18 - Authentication Bypass
CVSS 7.3
CVE-2025-37106 HIGH
HPE AutoPass License Server < 9.18 - Authentication Bypass and Information Disclosure
CVSS 7.3
CVE-2025-7699 HIGH
ADM EZ Sync Manager - Info Disclosure
CVE-2025-7703 LOW
TECNO tech.palm.id - Improper Authentication
CVSS 3.1
CVE-2025-49831 CRITICAL
CyberArk Conjur OSS < 1.22.1 & Secrets Manager Self-Hosted < 13.5.1 - Improper Authentication
CVSS 9.8
CVE-2025-52376 CRITICAL
Nexxt Solutions NCM-X1800 Mesh Router <UV1.2.7 - Auth Bypass
CVSS 9.8
CVE-2025-3621 CRITICAL
ActADUR <2.0.2.0 - Command Injection
CVSS 9.6
CVE-2025-53889 MEDIUM
Directus <11.9.0 - Privilege Escalation
CVSS 6.5
CVE-2025-7574 CRITICAL
LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000 < 20250702 - Improper Authentication
CVSS 9.8
CVE-2025-31267 MEDIUM
App Store Connect < 3.0 - Unauthenticated Sensitive Information Exposure via Physical Access
CVSS 4.6
CVE-2025-49812 HIGH
Apache HTTP Server < 2.4.64 - HTTP Session Hijacking via TLS Upgrade Desynchronization
CVSS 7.4
CVE-2025-49706 MEDIUM KEV
Microsoft SharePoint Enterprise Server - Improper Authentication
CVSS 6.5
CVE-2025-53545 MEDIUM
frappe/press - Improper Authentication via Missing Server-Side 2FA Validation
CVE-2025-21450 CRITICAL
Qualcomm AR8035 and FastConnect Firmware - Cryptographic Issue via Insecure Download Connection
CVSS 9.1
CVE-2025-6044 MEDIUM
Google ChromeOS <16238.64.0 - Info Disclosure
CVSS 6.1
CVE-2025-7115 HIGH
rowboatlabs rowboat <8096eaf63b5a0732edd8f812bee05b78e214ee97 - Aut...
CVSS 7.3
CVE-2025-7114 HIGH
SimStudioAI sim < 0.2.1 - Missing Authentication in Session Handler
CVSS 7.3
CVE-2025-53169 HIGH
HarmonyOS - Improper Authentication Bypass for Distributed Camera Access
CVSS 7.6
CVE-2025-7095 LOW
Comodo Internet Security Premium 12.3.4.8162 - Improper Certificate Validation in Update Handler
CVSS 3.7
CVE-2025-6926 HIGH
Mediawiki - CentralAuth Extension <1.39.13-1.43.2 - Auth Bypass
CVSS 8.8
Details
Vulnerabilities: 4,321
Exploit Likelihood: High