CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,321 vulnerabilities with CWE-287
CVE-2025-5872 MEDIUM
eGauge EG3000 Energy Monitor <3.6.3 - Missing Authentication
CVSS 5.3
CVE-2025-5871 MEDIUM
Papendorf SOL Connect Center 3.3.0.0 - Auth Bypass
CVSS 5.3
CVE-2025-5870 HIGH
TRENDnet TV-IP121W 1.1.1 Build 36 - Auth Bypass
CVSS 7.3
CVE-2025-48909 HIGH
Device Management Channel - Auth Bypass
CVSS 7.1
CVE-2025-49012 MEDIUM
Himmelblau <1.00-alpha - Privilege Escalation
CVSS 5.4
CVE-2025-5597 CRITICAL
WF Steuerungstechnik GmbH airleader MASTER - Auth Bypass
CVE-2025-49001 CRITICAL
DataEase < 2.10.10 - Improper Authentication via JWT Secret Bypass
CVSS 9.8
CVE-2025-5512 HIGH
quequnlong shiyi-blog <1.2.1 - Auth Bypass
CVSS 7.3
CVE-2025-46548 MEDIUM
Pekko Management <1.1.1 - Auth Bypass
CVSS 6.5
CVE-2025-5495 HIGH
Netgear WNR614 <1.1.0.28_1.0.1WW - Auth Bypass
CVSS 7.3
CVE-2025-37093 CRITICAL
HPE StoreOnce System < 4.3.11 - Authentication Bypass
CVSS 9.8
CVE-2025-5437 MEDIUM
Multilaser Sirius RE016 MLT1.0 - Auth Bypass
CVSS 5.3
CVE-2025-31264 MEDIUM
macOS < 13.7.5, < 14.7.5, < 15.4 - Unauthenticated Sensitive User Data Exposure via Physical Access
CVSS 4.6
CVE-2025-48746 MEDIUM
Netwrix Directory Manager <11.1.25134.03 - Info Disclosure
CVSS 6.5
CVE-2025-48370 LOW
supabase/auth-js < 2.70.0 - Path Traversal via Invalid UUID Handling
CVE-2025-5247 HIGH
Gowabby HFish 0.1 - Improper Authentication via LoadUrl Function
CVSS 7.3
CVE-2025-5149 MEDIUM
wcms < 8.3.11 - Improper Authentication via getMemberByUid Function
CVSS 5.6
CVE-2025-32815 MEDIUM
NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials
CVSS 6.5
CVE-2025-0605 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Auth Bypass
CVSS 4.6
CVE-2025-44083 CRITICAL
D-Link DI-8100 16.07.26A1 - Unauthenticated Administrator Login Bypass
CVSS 9.8
CVE-2025-4978 CRITICAL
Netgear DGND3700 1.1.00.15_1.00.15NA - Improper Authentication via /BRS_top.html
CVSS 9.8
CVE-2025-47790 MEDIUM
Nextcloud Server 26.0.0-26.0.13.15, 29.0.0-29.0.15 - Authentication Bypass via Session Handling
CVSS 6.4
CVE-2025-4755 HIGH
D-Link DI-7003GV2 24.04.18D1 R(68125) - Improper Authentication in netconfig.asp
CVSS 7.3
CVE-2025-47275 CRITICAL
auth0-php 8.0.0-BETA1-8.13.9 - Authentication Bypass via Brute-Forceable Session Cookie Tag
CVSS 9.1
CVE-2025-47889 CRITICAL
Jenkins WSO2 Oauth Plugin < 1.0 - Unauthenticated Authentication Bypass
CVSS 9.8