Weaknesses of type CWE-287
1,841 results

CVE-2021-4230 | LOW | Airfield Online MySQL Backup improper authentication | EPSS 0.9%
CVE-2022-39219 | HIGH | Bifrost users using basic authentication can bypass write permission limit | EPSS 0.9%
CVE-2022-23555 | CRITICAL | authentik vulnerable to Improper Authentication via invitation URL token reuse | EPSS 0.9%
CVE-2022-48195 | CRITICAL | An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertis | EPSS 0.9%
CVE-2023-21721 | MEDIUM | Microsoft OneNote Elevation of Privilege Vulnerability | EPSS 0.9%
CVE-2022-34839 | MEDIUM | WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability | EPSS 0.9%
CVE-2023-22334 | MEDIUM | Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remot | EPSS 0.9%
CVE-2020-11101 | CRITICAL | Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login sessi | EPSS 0.9%
CVE-2021-3827 | — | A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavi | EPSS 0.9%
CVE-2023-28609 | CRITICAL | api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. | EPSS 0.9%
CVE-2020-15222 | HIGH | Replay of private_key_jwt possible in ORY Fosite | EPSS 0.9%
CVE-2023-35137 | HIGH | An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmw | EPSS 0.9%
CVE-2022-44620 | HIGH | Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote a | EPSS 0.9%
CVE-2022-39251 | HIGH | Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion | EPSS 0.9%
CVE-2023-49340 | CRITICAL | An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileg | EPSS 0.9%
CVE-2011-2054 | MEDIUM | Cisco ASA Secondary Authentication Bypass Vulnerability | EPSS 0.9%
CVE-2024-46434 | HIGH | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain | EPSS 0.9%
CVE-2024-25128 | CRITICAL | Flask-AppBuilder incorrect authentication when using auth type OpenID | EPSS 0.9%
CVE-2023-31634 | CRITICAL | In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP | EPSS 0.9%
CVE-2019-5449 | — | A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential | EPSS 0.9%