When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,319 vulnerabilities with CWE-287
CVE-2026-8244
MEDIUM
Industrial Application Software IAS Canias ERP Login RMI improper authentication
CVSS 5.3
CVE-2026-8216
HIGH
Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication
CVSS 7.3
CVE-2026-8214
MEDIUM
Industrial Application Software IAS Canias ERP RMI doAction improper authentication
CVSS 5.3
CVE-2026-8185
MEDIUM
UGREEN CM933 Administrative missing authentication
CVSS 6.3
CVE-2026-42560
CRITICAL
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
CVSS 9.1
CVE-2026-41070
CRITICAL
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access
CVSS 10.0
CVE-2026-41574
CRITICAL
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
CVSS 9.8
CVE-2026-41671
MEDIUM
Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation
CVSS 6.8
CVE-2026-8031
MEDIUM
PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
CVSS 5.3
CVE-2026-35579
CRITICAL
CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CVSS 9.8
CVE-2026-27960
CRITICAL
OpenCTI privilege escalation and unauthenticated access via default admin account
CVSS 9.8
CVE-2026-7844
MEDIUM
chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication
CVSS 6.3
CVE-2026-5722
CRITICAL
MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse
CVSS 9.8
CVE-2026-41571
CRITICAL
Note Mark: OIDC-registered users authenticated by submitting password "null"
CVSS 9.4
CVE-2026-7723
HIGH
PrefectHQ prefect WebSocket Endpoint in missing authentication
CVSS 7.3
CVE-2026-7722
MEDIUM
PrefectHQ prefect Health Check API health endswith improper authentication
CVSS 5.3
CVE-2026-7714
MEDIUM
crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication
CVSS 6.5
CVE-2026-7710
HIGH
YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication
CVSS 7.3
CVE-2026-7679
HIGH
YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication
CVSS 7.3
CVE-2026-7630
HIGH
innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication
CVSS 7.3
CVE-2026-35903
CRITICAL
MERCURY MIPC252W 1.0.5 - Auth Bypass
CVSS 9.8
CVE-2026-41081
MEDIUM
Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
CVSS 6.5
CVE-2026-7113
MEDIUM
NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
CVSS 5.6
CVE-2026-7112
MEDIUM
NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication
CVSS 5.6
CVE-2026-7042
HIGH
666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
CVSS 7.3
Details
Vulnerabilities: 4,319
Exploit Likelihood: High