CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,195 vulnerabilities with CWE-287
CVE-2026-4021 HIGH
Contest Gallery WordPress Plugin <=28.1.5 - Auth Bypass
CVSS 8.1
CVE-2026-32879 MEDIUM
New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
CVSS 4.9
CVE-2026-33716 CRITICAL
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
CVSS 9.4
CVE-2026-33512 HIGH
WWBN AVideo <=26.0 - Info Disclosure
CVSS 7.5
CVE-2026-4592 MEDIUM
kalcaddle kodbox Password Login index.class.php tfaVerify improper authentication
CVSS 5.6
CVE-2026-4587 LOW
HybridAuth SSL Curl.php certificate validation
CVSS 3.7
CVE-2026-4583 MEDIUM
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay
CVSS 5.0
CVE-2026-4582 MEDIUM
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication
CVSS 5.0
CVE-2026-4562 HIGH
MacCMS Timming API Endpoint Timming.php weak authentication
CVSS 7.3
CVE-2026-2756 MEDIUM
OmniPEMF NeoRhythm BLE missing authentication
CVSS 5.0
CVE-2026-32305 MEDIUM
Traefik mTLS bypass via fragmented ClientHello SNI extraction failure
CVSS 5.3
CVE-2026-33124 HIGH
Frigate has insecure password change functionality
CVSS 8.8
CVE-2026-4476 MEDIUM
Yi Technology YI Home Camera CGI Endpoint ipc missing authentication
CVSS 6.3
CVE-2026-32815 MEDIUM
SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
CVE-2026-30836 CRITICAL
Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
CVSS 10.0
CVE-2026-32730 HIGH
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
CVSS 8.1
CVE-2026-33042 MEDIUM
Parse Server affected by empty authData bypassing credential requirement on signup
CVSS 5.3
CVE-2026-2991 HIGH
KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token
CVSS 7.3
CVE-2026-25937 MEDIUM
GLPI has a MFA bypass
CVSS 6.5
CVE-2026-4349 MEDIUM
Duende IdentityServer Token Renewal Endpoint authorize improper authentication
CVSS 5.6
CVE-2026-4252 CRITICAL
Tenda AC8 IPv6 check_is_ipv6 ip address for authentication
CVSS 9.8
CVE-2026-4187 MEDIUM
Tiandy Easy7 7.17.0 - Auth Bypass
CVSS 5.3
CVE-2026-21004 MEDIUM
Samsung Mobile Smart Switch - Denial of Service
CVSS 6.5
CVE-2026-32246 HIGH
Tinyauth <5.0.3 - Auth Bypass
CVSS 8.5
CVE-2026-32136 CRITICAL
AdGuard Home <0.107.73 - Auth Bypass
CVSS 9.8