When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,319 vulnerabilities with CWE-287
CVE-2026-34531
MEDIUM
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
CVSS 6.5
CVE-2026-34072
HIGH
cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
CVSS 8.3
CVE-2026-4829
MEDIUM
Devolutions Server <=2026.1.11 - Privilege Escalation
CVSS 5.4
CVE-2026-34204
HIGH
MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
CVSS 7.1
CVE-2026-31946
CRITICAL
OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
CVSS 9.8
CVE-2026-0558
CRITICAL
Unauthenticated File Upload in parisneo/lollms
CVSS 9.8
CVE-2026-5000
HIGH
PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication
CVSS 7.3
CVE-2026-34389
MEDIUM
Fleet's user account creation via invite does not enforce invited email address
CVSS 6.5
CVE-2026-4959
HIGH
OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication
CVSS 7.3
CVE-2026-27856
HIGH
OX Dovecot Pro <2.3.0 - Timing Oracle
CVSS 7.4
CVE-2026-33898
HIGH
Local Incus UI web server vulnerable to authentication bypass
CVSS 8.8
CVE-2026-4831
LOW
kalcaddle kodbox Password-protected Share auth.class.php can improper authentication
CVSS 3.7
CVE-2026-33248
MEDIUM
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
CVSS 4.2
CVE-2026-33246
MEDIUM
NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
CVSS 6.4
CVE-2026-33665
HIGH
n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
CVSS 7.5
CVE-2026-33215
MEDIUM
NATS is vulnerable to MQTT hijacking via Client ID
CVSS 6.5
CVE-2026-33322
CRITICAL
MinIO: JWT Algorithm Confusion in OIDC Authentication
CVSS 9.8
CVE-2026-33314
MEDIUM
pyload-ng: Improper Authentication and Origin Validation Error
CVSS 6.5
CVE-2026-33409
CRITICAL
Parse Server: Auth provider validation bypass on login via partial authData
CVSS 9.1
CVE-2026-33473
MEDIUM
Vikunja has TOTP Reuse During Validity Window
CVSS 5.7
CVE-2026-4021
HIGH
Contest Gallery WordPress Plugin <=28.1.5 - Auth Bypass
CVSS 8.1
CVE-2026-32879
MEDIUM
New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
CVSS 4.9
CVE-2026-33716
CRITICAL
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
CVSS 9.4
CVE-2026-33512
HIGH
WWBN AVideo <=26.0 - Info Disclosure
CVSS 7.5
CVE-2026-4592
MEDIUM
kalcaddle kodbox Password Login index.class.php tfaVerify improper authentication
CVSS 5.6
Details
Vulnerabilities: 4,319
Exploit Likelihood: High