When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,354 vulnerabilities with CWE-287
CVE-2025-27422
HIGH
faction < 1.4.3 - Unauthenticated Privilege Escalation via User Registration
CVSS 7.5
CVE-2025-1723
HIGH
ManageEngine ADSelfService Plus <= 6510 - Authenticated Account Takeover via Session Mishandling
CVSS 8.1
CVE-2025-23116
CRITICAL
UniFi Protect Application >=5.2.49 <5.2.49 - Authentication Bypass via Auto-Adopt Bridge Devices
CVSS 9.6
CVE-2025-27416
MEDIUM
Scratch-Coding-Hut.github.io - Auth Bypass
CVE-2025-27414
MEDIUM
MinIO <RELEASE.2025-02-28T09-55-16Z - Auth Bypass
CVE-2025-26326
HIGH
NVDA Remote 2.6.4 and Tele NVDA Remote 2025.3.3 - Improper Authentication via Weak Password Handling
CVSS 8.8
CVE-2025-27112
MEDIUM
Navidrome <=0.54.5 - Authentication Bypass in Subsonic API
CVSS 6.5
CVE-2025-1024
MEDIUM
ChurchCRM < 5.13.0 - Authenticated Reflected Cross-Site Scripting via EID Parameter
CVSS 4.8
CVE-2025-24895
CRITICAL
CIE.AspNetCore.Authentication - Auth Bypass
CVSS 9.1
CVE-2025-24894
CRITICAL
SPID.AspNetCore.Authentication - Auth Bypass
CVSS 9.1
CVE-2025-0981
MEDIUM
ChurchCRM < 5.13.0 - Stored Cross-Site Scripting in Group Editor Description Field
CVSS 6.1
CVE-2025-24904
HIGH
Whisperfish libsignal-service-rs - Plaintext Injection Bypassing E2EE
CVSS 8.5
CVE-2025-25205
HIGH
Audiobookshelf <2.19.1 - Auth Bypass
CVSS 8.2
CVE-2025-25201
MEDIUM
Nitrokey 3 Firmware <1.8.0 - Privilege Escalation
CVSS 4.0
CVE-2025-1044
CRITICAL
Logsign Unified SecOps Platform - Auth Bypass
CVSS 9.8
CVE-2025-21349
MEDIUM
Windows 10/11, Server 2016-2019 - Remote Desktop Auth Bypass
CVSS 6.8
CVE-2025-1231
MEDIUM
Devolutions Server <2024.3.10.0 - Privilege Escalation
CVSS 5.4
CVE-2025-24032
CRITICAL
PAM-PKCS#11 <0.6.13 - Privilege Escalation
CVE-2025-1104
HIGH
D-Link DHP-W310AV 1.04 - Authentication Bypass by Spoofing
CVSS 7.3
CVE-2025-0890
CRITICAL
Zyxel Legacy DSL CPE Firmware - Insecure Default Telnet Credentials
CVSS 9.8
CVE-2025-0637
CRITICAL
Beta10 - Unauthenticated Improper Authentication via /app/tools.html
CVSS 9.8
CVE-2025-0604
MEDIUM
Keycloak LDAP Federation >=26.1.0 <26.1.3 - Authentication Bypass via Password Reset
CVSS 5.4
CVE-2025-22146
CRITICAL
Sentry 21.12.0-25.1.0 - Account Takeover via Malicious SAML Identity Provider
CVSS 9.1
CVE-2025-0070
CRITICAL
SAP NetWeaver Application Server for ABAP and ABAP Platform - Privi...
CVSS 9.9
CVE-2025-21618
HIGH
NiceGUI < 2.9.1 - Improper Authentication
CVSS 7.5
Details
Vulnerabilities: 4,354
Exploit Likelihood: High