Weaknesses of type CWE-287

1,844 results
CVE-2026-2248CRITICALUnauthenticated Remote Root Shell Access via Web Console in METIS WICEPSS 0.5%CVE-2024-9947HIGHProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth providerEPSS 0.5%CVE-2026-2249CRITICALUnauthenticated Remote Command Execution via Web Console in METIS DFSEPSS 0.5%CVE-2026-28408CRITICALWeGIA lacks authentication verification in adicionar_tipo_docs_atendido.phpEPSS 0.5%CVE-2026-4187MEDIUMTiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authenticationEPSS 0.5%CVE-2024-56336CRITICALA vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FSEPSS 0.5%CVE-2024-41929HIGHImproper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authentEPSS 0.5%CVE-2024-11671MEDIUMImproper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an aEPSS 0.5%CVE-2025-64055CRITICALAn issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functionsEPSS 0.5%CVE-2025-27414MEDIUMMinIO SFTP authentication bypass due to improperly trusted SSH keyEPSS 0.5%CVE-2025-15458MEDIUMbg5sbk MiniCMS Article post-edit.php improper authenticationEPSS 0.5%CVE-2025-9994CRITICALAmp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not require authenticationEPSS 0.5%CVE-2025-15457MEDIUMbg5sbk MiniCMS Trash File Restore post.php improper authenticationEPSS 0.5%CVE-2024-57432HIGHmacrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User inforEPSS 0.5%CVE-2023-32081MEDIUMVert.x STOMP server process client frames that would not send initially a connect frameEPSS 0.5%CVE-2022-3674HIGHSourceCodester Sanitization Management System missing authenticationEPSS 0.5%CVE-2026-35579HIGHCoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transportsEPSS 0.5%CVE-2022-26508MEDIUMImproper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information diEPSS 0.5%CVE-2026-5959HIGHGL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authenticationEPSS 0.5%CVE-2025-30116HIGHAn issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can oEPSS 0.5%