CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,321 vulnerabilities with CWE-287
CVE-2025-52294 MEDIUM
Trust Wallet <8.45 - Info Disclosure
CVSS 5.7
CVE-2025-6916 HIGH
TOTOLINK T6 4.1.5cu.748_B20211015 - Missing Authentication via Form_Login
CVSS 8.8
CVE-2025-24292 MEDIUM
UniFi Network <9.1.120 - Auth Bypass
CVSS 6.8
CVE-2025-52553 CRITICAL
authentik < 2025.4.3 - Improper Authentication via RAC Token Reuse
CVSS 9.6
CVE-2025-6763 HIGH
Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 & H3531 1.60 - Missing Authentication
CVSS 8.1
CVE-2025-53013 MEDIUM
himmelblau 0.9.10-0.9.16 - Authentication Bypass via Invalid Hello PIN in Offline Mode
CVSS 5.2
CVE-2025-52572 CRITICAL
Hikka Telegram Userbot Web Interface - Account Takeover and Code Execution
CVSS 10.0
CVE-2025-52571 CRITICAL
Hikka < 1.6.2 - Unauthenticated Telegram Account Access
CVSS 9.6
CVE-2025-49851 CRITICAL
ControlID iDSecure < 4.7.50.0 - Authentication Bypass
CVSS 9.8
CVE-2025-32975 CRITICAL KEV
Quest KACE SMA <14.1.101 - Auth Bypass
CVSS 10.0
CVE-2025-6533 MEDIUM
xxyopen/201206030 novel-plus <5.1.3 - Auth Bypass
CVSS 5.6
CVE-2025-6528 MEDIUM
70mai M300 <20250611 - Improper Authentication
CVSS 4.3
CVE-2025-6524 LOW
70mai 1S <20250611 - Improper Authentication
CVSS 3.1
CVE-2025-32879 HIGH
COROS PACE 3 Firmware < 3.0808.0 - Unauthenticated BLE Connection and Device Control
CVSS 8.8
CVE-2025-32877 CRITICAL
COROS PACE 3 Firmware < 3.0808.0 - Unauthenticated Machine-in-the-Middle via BLE Just Works Pairing
CVSS 9.8
CVE-2025-32875 MEDIUM
COROS Android App <= 3.8.12 - Unencrypted Bluetooth Communication via Missing Pairing Enforcement
CVSS 5.7
CVE-2025-49591 CRITICAL
CryptPad < 2025.3.0 - Two-Factor Authentication Bypass via URL-Encoded Path Parameter
CVSS 9.1
CVE-2025-6172 CRITICAL
com.afmobi.boomplayer - Info Disclosure
CVSS 9.8
CVE-2025-6083 MEDIUM
ExtremeCloud Universal ZTNA - Info Disclosure
CVSS 4.3
CVE-2025-22236 HIGH
Salt 3007.0-3007.3 and 3006.0-3006.11 - Minion Event Bus Authorization Bypass
CVSS 8.1
CVE-2025-49146 HIGH
PostgreSQL JDBC Driver 42.7.4-42.7.6 - Improper Authentication via Channel Binding Bypass
CVSS 8.2
CVE-2025-5985 HIGH
School Fees Payment System 1.0 - Improper Authentication
CVSS 7.3
CVE-2025-5906 HIGH
code-projects Laundry System 1.0 - Missing Authentication in /data/ Endpoint
CVSS 7.3
CVE-2025-29627 MEDIUM
KeeperChat 5.8.8 - Privilege Escalation via Biometric Authentication Module
CVSS 6.8
CVE-2025-5876 MEDIUM
Lucky LM-520-SC,LM-520-FSC,Lucky LM-520-FSC-SAM <20250321 - Missing...
CVSS 5.3