CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,354 vulnerabilities with CWE-287
CVE-2025-31122 CRITICAL
scratch-coding-hut.github.io <1.0-beta3 - Auth Bypass
CVE-2025-2859 CRITICAL
Arteche Satech BCU Firmware - Session Hijacking via Cookie Capture
CVSS 9.8
CVE-2025-30361 CRITICAL
WeGIA < 3.2.6 - Unauthenticated Password Change via control.php Endpoint
CVSS 9.8
CVE-2025-30214 HIGH
Frappe <14.89.0-15.51.0 - Info Disclosure
CVSS 7.5
CVE-2025-30168 MEDIUM
Parse Server <7.5.2-8.0.2 - Auth Bypass
CVSS 6.9
CVE-2025-22228 HIGH
Spring Security Crypto 6.3.0-6.3.7 and Spring Security 5.7.x-6.4.x - Improper Authentication via BCryptPasswordEncoder
CVSS 7.4
CVE-2025-26475 MEDIUM
Dell Secure Connect Gateway - Authentication Bypass
CVSS 5.5
CVE-2025-30116 HIGH
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
CVSS 7.5
CVE-2025-30114 CRITICAL
Forvia Hella HELLA Driving Recorder DR 820 - Auth Bypass
CVSS 9.1
CVE-2025-2388 HIGH
Keytop 路内停车收费系统 2.7.1 - Auth Bypass
CVSS 7.3
CVE-2025-2344 MEDIUM
IROAD Dash Cam X5-X6 <20250308 - Auth Bypass
CVSS 5.3
CVE-2025-2339 MEDIUM
otale Tale Blog 2.0.5 - Improper Authentication via /%61dmin/api/logs
CVSS 5.3
CVE-2025-2230 HIGH
Philips Intellispace Cardiovascular < 5.1 - Authentication Bypass via AuthContext Token Replay
CVSS 7.7
CVE-2025-29773 MEDIUM
froxlor < 2.2.6 - Authenticated Account Creation with Duplicate Email Address
CVSS 5.8
CVE-2025-27138 CRITICAL
DataEase < 2.10.6 - Unauthenticated Unauthorized Access via TokenFilter
CVSS 9.8
CVE-2025-0813 MEDIUM
EcoStruxure Power Automation System (EPAS-UI) v2.1-v2.9 Authentication Bypass via Boot Interruption
CVSS 6.8
CVE-2025-27403 HIGH
Ratify < 1.2.3 and 1.3.0-1.3.2 - Improper Authentication via Azure ACR Token Exchange
CVE-2025-1475 CRITICAL
WPCOM Member <= 1.7.5 - Unauthenticated Authentication Bypass via User Phone Parameter
CVSS 9.8
CVE-2025-25452 MEDIUM
MyTaag < 2024-11-24 - Improper Authentication via /user Endpoint
CVSS 5.1
CVE-2025-25451 MEDIUM
MyTaag < 2024-11-24 - Privilege Escalation via Local Storage Key Manipulation
CVSS 5.1
CVE-2025-25450 MEDIUM
MyTaag < 2024-11-24 - Unauthenticated Privilege Escalation via Second Factor Deactivation
CVSS 5.1
CVE-2025-27672 CRITICAL
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - OAuth Security Bypass
CVSS 9.8
CVE-2025-27641 CRITICAL
Vasion Print < 20.0.2368 and Virtual Appliance < 22.0.951 - Unauthenticated API Access for Single-Sign On
CVSS 9.8
CVE-2025-27425 MEDIUM
Firefox for iOS < 136 - Info Disclosure
CVSS 4.3
CVE-2025-1880 LOW
i-Drive i11<i12 <20250227 - Auth Bypass
CVSS 2.0