Weaknesses of type CWE-287
1,838 results

CVE-2021-26638 | HIGH | Xi Smarthome wallpad authentication bypass vulnerability | EPSS 3.4%
CVE-2017-7562 | MEDIUM | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A | EPSS 3.3%
CVE-2022-30995 | CRITICAL | Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Lin | EPSS 3.3%
CVE-2025-44005 | CRITICAL | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain p | EPSS 3.3%
CVE-2024-57049 | CRITICAL | A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass th | EPSS 3.2%
CVE-2023-0905 | HIGH | SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication | EPSS 3.2%
CVE-2014-0760 | — | Festo CECX-X-(C1/M1) Controller Improper Authentication | EPSS 3.1%
CVE-2017-12236 | — | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthent | EPSS 3.1%
CVE-2023-30869 | CRITICAL | WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation | EPSS 3.1%
CVE-2017-14008 | — | GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. | EPSS 3.1%
CVE-2021-34865 | HIGH | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authent | EPSS 3.1%
CVE-2018-14786 | — | Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3. | EPSS 3.1%
CVE-2020-3297 | HIGH | Cisco Small Business Smart and Managed Switches Session Management Vulnerability | EPSS 3.0%
CVE-2020-8206 | — | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to b | EPSS 3.0%
CVE-2017-6869 | — | A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated rem | EPSS 3.0%
CVE-2025-66039 | CRITICAL | FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header | EPSS 3.0%
CVE-2021-25036 | — | All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation | EPSS 3.0%
CVE-2018-0271 | — | A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to | EPSS 2.7%
CVE-2026-24294 | HIGH | Windows SMB Server Elevation of Privilege Vulnerability | EPSS 2.7%
CVE-2018-5451 | — | In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficien | EPSS 2.7%