Weaknesses of type CWE-287
1,843 resultsCVE-2025-11287MEDIUMsamanhappy MCPHub sseService.ts handleSseConnectionfunction improper authenticationEPSS 0.6%CVE-2022-39263MEDIUMNextAuth.js Upstash Adapter missing token verificationEPSS 0.6%CVE-2023-3638CRITICALGeoVision GV-ADR2701 Improper AuthenticationEPSS 0.6%CVE-2023-42818MEDIUMSSH public key login without private key challenge if mfa is enabled in jumpserverEPSS 0.6%CVE-2020-8236—A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification EPSS 0.6%CVE-2024-47218CRITICALAn issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.EPSS 0.6%CVE-2024-37019CRITICALNorthern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.EPSS 0.6%CVE-2022-2664HIGHPrivate Cloud Management Platform POST Request global_config_query improper authenticationEPSS 0.6%CVE-2023-37226CRITICALLoftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.EPSS 0.6%CVE-2018-8862—In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability EPSS 0.6%CVE-2022-29893HIGHImproper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allEPSS 0.6%CVE-2024-41196CRITICALAn issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to AdministratEPSS 0.6%CVE-2023-48312CRITICALAuthentication bypass using an empty token in capsule-proxyEPSS 0.6%CVE-2025-62376CRITICALpwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM accessEPSS 0.6%CVE-2024-10327HIGHA vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOSEPSS 0.6%CVE-2024-7050HIGHImproper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular sceEPSS 0.6%CVE-2021-25505LOWImproper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.EPSS 0.6%CVE-2026-2165MEDIUMdetronetdip E-commerce Account Creation Endpoint add_seller.php missing authenticationEPSS 0.6%CVE-2022-36296MEDIUMWordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerabilityEPSS 0.6%CVE-2025-46348CRITICALYesWiki Vulnerable to Unauthenticated Site Backup Creation and DownloadEPSS 0.6%