Weaknesses of type CWE-287

1,842 results
CVE-2026-12773 [MEDIUM] BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication (EPSS 0.6%)
CVE-2026-5570 [MEDIUM] Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication (EPSS 0.6%)
CVE-2025-1475 [CRITICAL] WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' (EPSS 0.6%)
CVE-2024-2450 [HIGH] Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account own (EPSS 0.6%)
CVE-2022-43690 [MEDIUM] Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited (EPSS 0.6%)
CVE-2024-37893 [MEDIUM] MFA bypass in oauth flow in Firefly III (EPSS 0.6%)
CVE-2019-1758 [MEDIUM] Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability (EPSS 0.6%)
CVE-2025-55171 [HIGH] WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php` (EPSS 0.6%)
CVE-2023-33190 [CRITICAL] Improperly configured permissions in Sealos (EPSS 0.6%)
CVE-2025-66022 [CRITICAL] FACTION Unauthenticated Custom Extension Upload leads to RCE (EPSS 0.6%)
CVE-2015-5298 The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that (EPSS 0.6%)
CVE-2024-25652 [HIGH] In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functiona (EPSS 0.6%)
CVE-2024-44127 [MEDIUM] This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private B (EPSS 0.6%)
CVE-2022-39801 [HIGH] SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed (EPSS 0.6%)
CVE-2024-53990 [CRITICAL] AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s (EPSS 0.6%)
CVE-2025-27672 [CRITICAL] Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524- (EPSS 0.6%)
CVE-2024-48859 [MEDIUM] QTS, QuTS hero (EPSS 0.6%)
CVE-2023-44752 [CRITICAL] An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-ssc (EPSS 0.6%)
CVE-2023-22650 [HIGH] Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider (EPSS 0.6%)
CVE-2025-22146 [CRITICAL] Improper authentication on SAML SSO process allows user impersonation in sentry (EPSS 0.6%)