CWE-287
Improper Authentication
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 62
- CVE-2026-50623 · Medium · 6.5 · EPSS 0% · 19 h ago
An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by
- CVE-2023-20867 · Low · 3.9 · KEV · EPSS 2% · 21 h ago
VMware Tools Authentication Bypass Vulnerability
- CVE-2024-7593 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 21 h ago
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
- CVE-2023-46805 · High · 8.2 · KEV · EXPLOIT · EPSS 94% · 21 h ago
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
- CVE-2021-33045 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
Dahua IP Camera Authentication Bypass Vulnerability
- CVE-2025-32975 · Critical · 10.0 · KEV · EPSS 39% · 21 h ago
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- CVE-2025-3935 · High · 8.1 · KEV · EPSS 6% · 21 h ago
ConnectWise ScreenConnect Improper Authentication Vulnerability
- CVE-2021-33044 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
Dahua IP Camera Authentication Bypass Vulnerability
- CVE-2024-21410 · Critical · 9.8 · KEV · EPSS 6% · 21 h ago
Microsoft Exchange Server Privilege Escalation Vulnerability
- CVE-2023-27351 · High · 7.5 · KEV · EPSS 66% · 21 h ago
PaperCut NG/MF Improper Authentication Vulnerability
- CVE-2021-39226 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
Grafana Authentication Bypass Vulnerability
- CVE-2023-35082 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
- CVE-2024-53704 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
- CVE-2024-11680 · Critical · 9.8 · KEV · EXPLOIT · EPSS 93% · 21 h ago
ProjectSend Improper Authentication Vulnerability
- CVE-2019-0543 · High · 7.8 · KEV · EXPLOIT · EPSS 43% · 21 h ago
Microsoft Windows Privilege Escalation Vulnerability
- CVE-2021-27876 · High · 8.1 · KEV · EXPLOIT · EPSS 1% · 21 h ago
Veritas Backup Exec Agent File Access Vulnerability
- CVE-2026-20127 · Critical · 10.0 · KEV · EXPLOIT · EPSS 59% · 21 h ago
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
- CVE-2021-22893 · Critical · 10.0 · KEV · EPSS 94% · 21 h ago
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
- CVE-2015-1187 · Critical · 9.8 · KEV · EXPLOIT · EPSS 83% · 21 h ago
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
- CVE-2016-7836 · Critical · 9.8 · KEV · EPSS 36% · 21 h ago
SKYSEA Client View Improper Authentication Vulnerability
- CVE-2020-12812 · Critical · 9.8 · KEV · EPSS 42% · 21 h ago
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
- CVE-2021-27878 · High · 8.8 · KEV · EXPLOIT · EPSS 1% · 21 h ago
Veritas Backup Exec Agent Command Execution Vulnerability
- CVE-2021-34523 · Critical · 9.0 · KEV · EXPLOIT · EPSS 94% · 21 h ago
Microsoft Exchange Server Privilege Escalation Vulnerability
- CVE-2023-35078 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
- CVE-2025-49706 · Medium · 6.5 · KEV · EXPLOIT · EPSS 74% · 21 h ago
Microsoft SharePoint Improper Authentication Vulnerability
- CVE-2024-8956 · Critical · 9.1 · KEV · EPSS 84% · 21 h ago
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
- CVE-2026-50751 · Critical · 9.3 · KEV · EPSS 12% · 21 h ago
Check Point Security Gateway Improper Authentication Vulnerability
- CVE-2021-32648 · High · 8.2 · KEV · EPSS 93% · 21 h ago
October CMS Improper Authentication
- CVE-2021-33766 · High · 7.3 · KEV · EPSS 94% · 21 h ago
Microsoft Exchange Server Information Disclosure
- CVE-2021-27877 · High · 8.2 · KEV · EXPLOIT · EPSS 40% · 21 h ago
Veritas Backup Exec Agent Improper Authentication Vulnerability
- CVE-2022-0492 · High · 7.8 · KEV · EXPLOIT · EPSS 27% · 21 h ago
Linux Kernel Improper Authentication Vulnerability
- CVE-2026-20182 · Critical · 10.0 · KEV · EXPLOIT · EPSS 84% · 21 h ago
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
- CVE-2015-7755 · Critical · 9.8 · KEV · EXPLOIT · EPSS 86% · 21 h ago
Juniper ScreenOS Improper Authentication Vulnerability
- CVE-2020-5849 · High · 7.5 · KEV · EXPLOIT · EPSS 94% · 21 h ago
Unraid Authentication Bypass Vulnerability
- CVE-2018-10561 · Critical · 9.8 · KEV · EXPLOIT · EPSS 93% · 21 h ago
Dasan GPON Routers Authentication Bypass Vulnerability
- CVE-2024-49039 · High · 8.8 · KEV · EPSS 65% · 21 h ago
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
- CVE-2017-7921 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 21 h ago
Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2020-0688 · High · 8.8 · KEV · EXPLOIT · EPSS 94% · 21 h ago
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
- CVE-2021-32030 · Critical · 9.8 · KEV · EPSS 94% · 21 h ago
ASUS Routers Improper Authentication Vulnerability
- CVE-2019-19006 · Critical · 9.8 · KEV · EPSS 22% · 21 h ago
Sangoma FreePBX Improper Authentication Vulnerability
- CVE-2026-48611 · Critical · 9.8 · EPSS 0% · 22 h ago
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
- CVE-2022-48575 · Low · 3.5 · EPSS 0% · 1 d ago
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
- CVE-2026-47166 · Medium · 5.7 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in
- CVE-2026-44810 · High · 8.4 · EPSS 0% · 1 d ago
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-40995 · Medium · 5.4 · EPSS 0% · 1 d ago
X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or cre
- CVE-2026-7876 · Critical · 9.1 · EPSS 0% · 2 d ago
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not ha
- CVE-2026-46705 · — · EPSS 0% · 2 d ago
russh server userauth state is not reset when authentication principal changes
crates.io
- CVE-2026-45567 · High · 8.3 · EPSS 0% · 2 d ago
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publicat
- CVE-2026-47838 · Medium · 6.8 · EPSS 0% · 2 d ago
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonat
- CVE-2026-36727 · Critical · 9.1 · EPSS 0% · 2 d ago
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.