CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,321 vulnerabilities with CWE-287
CVE-2025-20083 HIGH
Intel(R) Slim Bootloader - Privilege Escalation
CVSS 7.5
CVE-2025-26685 MEDIUM
Microsoft Defender for Identity - Improper Authentication
CVSS 6.5
CVE-2025-31228 MEDIUM
iPadOS < 17.7.7 and < 18.5 - Unauthenticated Notes Access from Lock Screen
CVSS 6.8
CVE-2025-3659 CRITICAL
Digi PortServer TS <= 82000747_AA - Unauthenticated Configuration Modification via HTTP POST Request
CVE-2025-4494 HIGH
JAdmin 1.0 - Improper Authentication in Admin Backend Login Function
CVSS 7.3
CVE-2025-29813 CRITICAL
Azure DevOps - Authentication Bypass via Assumed-Immutable Data
CVSS 10.0
CVE-2025-46573 HIGH
passport-wsfed-saml2 <4.6.3 - Auth Bypass
CVE-2025-46572 CRITICAL
passport-wsfed-saml2 <4.6.3 - Auth Bypass
CVE-2025-22477 HIGH
Dell Storage Manager 20.1.20 - Unauthenticated Privilege Escalation
CVSS 8.3
CVE-2025-46590 MEDIUM
HarmonyOS - Improper Authentication Bypass in Network Search Instruction Module
CVSS 6.3
CVE-2025-0217 HIGH
BeyondTrust PRA <25.1 - Auth Bypass
CVSS 7.8
CVE-2025-25504 MEDIUM
Gefen WebFWC v1.85h v1.86v v1.70 - Unauthenticated Remote Code Execution via TCP Port 4444
CVSS 6.5
CVE-2025-4268 MEDIUM
TOTOLINK A720R 4.1.5cu.374 - Auth Bypass
CVSS 5.3
CVE-2025-46631 MEDIUM
Tenda RX2 Pro 16.03.30.14 - Info Disclosure
CVSS 6.5
CVE-2025-46630 MEDIUM
Tenda RX2 Pro 16.03.30.14 - Info Disclosure
CVSS 6.5
CVE-2025-4144 CRITICAL
cloudflare/workers-oauth-provider < 0.0.5 - PKCE Bypass via Check Skipping
CVSS 9.8
CVE-2025-29906 HIGH
finit 3.0-rc1-4.10 - Unauthenticated Login Bypass via tty Configuration Directive
CVSS 8.6
CVE-2025-46348 CRITICAL
YesWiki < 4.5.4 - Unauthenticated Backup Archive Creation and Download
CVSS 10.0
CVE-2025-3910 MEDIUM
Red Hat build of Keycloak 26.0-26.0.10 and Keycloak Services < 26.2.2 - Authentication Bypass
CVSS 5.4
CVE-2025-4019 HIGH
novel-plus < 5.1.1 - Missing Authentication in GeneratorController genCode Function
CVSS 7.3
CVE-2025-4018 MEDIUM
novel-plus < 5.1.1 - Missing Authentication in CrawlController addCrawlSource
CVSS 5.3
CVE-2025-4015 MEDIUM
novel-plus < 5.1.1 - Missing Authentication in SessionController
CVSS 5.3
CVE-2025-3627 MEDIUM
Moodle 4.3.0-4.3.11 - Improper Authentication
CVSS 4.3
CVE-2025-3634 MEDIUM
Moodle 4.3.0-4.3.11 - Improper Authentication via Course Enrollment Bypass
CVSS 4.3
CVE-2025-2771 MEDIUM
BEC Technologies Router Firmware - Unauthenticated Authentication Bypass via Web Interface
CVSS 5.3