When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,319 vulnerabilities with CWE-287
CVE-2026-40109
LOW
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
CVSS 3.1
CVE-2026-34500
MEDIUM
Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled
CVSS 6.5
CVE-2026-29145
CRITICAL
Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled
CVSS 9.1
CVE-2026-39976
HIGH
Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens
CVSS 7.1
CVE-2026-5959
MEDIUM
GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication
CVSS 6.6
CVE-2026-39411
MEDIUM
LobeHub <2.1.48 webapi Routes - Authentication Bypass
CVSS 5.0
CVE-2026-5795
HIGH
Eclipse Jetty 9.4.0-9.4.59, 10.0.0-10.0.27, 11.0.0-11.0.27, 12.0.0-12.0.32, 12.1.0-12.1.6 Privilege Escalation
CVSS 7.4
CVE-2026-39322
HIGH
PolarLearn: Any password authenticates banned accounts and grants API access
CVSS 8.8
CVE-2026-39324
CRITICAL
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
CVSS 9.8
CVE-2026-5676
HIGH
Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication
CVSS 7.3
CVE-2026-35030
CRITICAL
LiteLLM <1.83.0 OIDC Userinfo Cache - Authentication Bypass
CVSS 9.1
CVE-2026-5632
HIGH
assafelovic gpt-researcher HTTP REST API Endpoint missing authentication
CVSS 7.3
CVE-2026-5616
HIGH
JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication
CVSS 7.3
CVE-2026-5570
HIGH
Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication
CVSS 7.3
CVE-2026-5557
MEDIUM
badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass
CVSS 6.3
CVE-2026-34990
HIGH
OpenPrinting CUPS: Local print admin token disclosure using temporary printers
CVSS 7.8
CVE-2026-33175
HIGH
OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
CVSS 8.8
CVE-2026-32173
HIGH
Azure SRE Agent Information Disclosure Vulnerability
CVSS 8.6
CVE-2026-34834
HIGH
Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation
CVSS 7.5
CVE-2026-34736
MEDIUM
Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API
CVSS 5.3
CVE-2026-34121
HIGH
Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS
CVSS 8.8
CVE-2026-33746
CRITICAL
Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users
CVSS 9.8
CVE-2026-5320
HIGH
vanna-ai vanna Chat API Endpoint v2 missing authentication
CVSS 7.3
CVE-2026-4101
HIGH
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 8.1
CVE-2026-34873
CRITICAL
Mbed TLS 3.5.0-4.0.0 - Client Impersonation
CVSS 9.1
Details
Vulnerabilities: 4,319
Exploit Likelihood: High