CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,321 vulnerabilities with CWE-287
CVE-2025-3850 LOW
YXJ2018 SpringBoot-Vue-OnlineExam 1.0 - Improper Authentication
CVSS 3.7
CVE-2025-27086 HIGH
HPE Performance Cluster Manager - Auth Bypass
CVSS 8.1
CVE-2025-31478 HIGH
Zulip Server < 10.2 - Unauthenticated Account Creation via SSO Bypass
CVSS 8.2
CVE-2025-30215 CRITICAL
NATS-Server <2.10.27, 2.11.1 - Info Disclosure
CVSS 9.6
CVE-2025-30733 MEDIUM
Oracle RDBMS Listener 19.3-19.26, 21.3-21.17, 23.4-23.7 - Unauthenticated Improper Authentication via Oracle Net
CVSS 6.5
CVE-2025-24949 MEDIUM
joturl 2.0 - Improper Authentication
CVSS 6.5
CVE-2025-2572 MEDIUM
WhatsUp Gold < 24.0.3 - Unauthenticated Database Manipulation in WhatsUp.dbo.WrlsMacAddressGroup
CVSS 5.6
CVE-2025-22232 MEDIUM
Spring Cloud Config Server - Info Disclosure
CVSS 5.3
CVE-2025-22375 CRITICAL
Videx's CyberAudit-Web <9.5 - Auth Bypass
CVE-2025-30287 HIGH
ColdFusion <2023.12, 2021.18, 2025.0 - Auth Bypass
CVSS 8.2
CVE-2025-30282 CRITICAL
ColdFusion <2023.12, 2021.18, 2025.0 - Auth Bypass
CVSS 9.1
CVE-2025-25227 HIGH
Joomla! 4.0.0-4.4.12 and 5.0.0-5.2.5 - Multi-Factor Authentication Bypass
CVSS 7.5
CVE-2025-3268 MEDIUM
qinguoyi TinyWebServer <1.0 - Improper Authentication
CVSS 5.3
CVE-2025-3062 MEDIUM
Drupal Admin LTE theme - Improper Authentication
CVSS 6.6
CVE-2025-3061 MEDIUM
Material Admin - Improper Authentication
CVSS 6.6
CVE-2025-30432 MEDIUM
iPadOS < 17.7.6 - Improper Authentication via Passcode Entry Logic Issue
CVSS 6.4
CVE-2025-30430 CRITICAL
iPadOS < 18.4 - Improper Authentication via Password Autofill
CVSS 9.8
CVE-2025-31122 CRITICAL
scratch-coding-hut.github.io <1.0-beta3 - Auth Bypass
CVE-2025-2859 CRITICAL
Arteche Satech BCU Firmware - Session Hijacking via Cookie Capture
CVSS 9.8
CVE-2025-30361 CRITICAL
WeGIA < 3.2.6 - Unauthenticated Password Change via control.php Endpoint
CVSS 9.8
CVE-2025-30214 HIGH
Frappe <14.89.0-15.51.0 - Info Disclosure
CVSS 7.5
CVE-2025-30168 MEDIUM
Parse Server <7.5.2-8.0.2 - Auth Bypass
CVSS 6.9
CVE-2025-22228 HIGH
Spring Security Crypto 6.3.0-6.3.7 and Spring Security 5.7.x-6.4.x - Improper Authentication via BCryptPasswordEncoder
CVSS 7.4
CVE-2025-26475 MEDIUM
Dell Secure Connect Gateway - Authentication Bypass
CVSS 5.5
CVE-2025-30116 HIGH
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
CVSS 7.5