CWE-287 (Improper Authentication) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7022 | SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication — sre | 7.3 | High | 2026-04-26 |
| CVE-2026-41428 | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints — budibase | 9.1 | Critical | 2026-04-24 |
| CVE-2026-42041 | Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy — axios | 4.8 | Medium | 2026-04-24 |
| CVE-2026-41276 | Flowise: AccountService resetPassword Authentication Bypass Vulnerability — Flowise | 7.4 AI | High AI | 2026-04-23 |
| CVE-2026-41679 | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass — paperclip | 10.0 | Critical | 2026-04-23 |
| CVE-2026-41145 | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads — minio | 8.8 AI | High AI | 2026-04-22 |
| CVE-2026-40344 | MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads — minio | 8.8 AI | High AI | 2026-04-22 |
| CVE-2026-40946 | Oxia: OIDC token audience validation bypass via SkipClientIDCheck — oxia | 9.1 AI | Critical AI | 2026-04-21 |
| CVE-2026-40910 | frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control — frp | 6.5 | Medium | 2026-04-21 |
| CVE-2026-6729 | HKUDS OpenHarness Session Key Collision Privilege Escalation — OpenHarness | 6.3 | Medium | 2026-04-20 |
| CVE-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass — roxy-wi | 7.5 AI | High AI | 2026-04-20 |
| CVE-2026-6635 | rowboatlabs rowboat tools_webhook app.py tool_call improper authentication — rowboat | 7.3 | High | 2026-04-20 |
| CVE-2026-6569 | kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication — KodExplorer | 7.3 | High | 2026-04-19 |
| CVE-2025-46641 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 6.6 | Medium | 2026-04-17 |
| CVE-2025-46607 | Dell PowerProtect Data Domain security vulnerability — PowerProtect Data Domain | 6.6 | Medium | 2026-04-17 |
| CVE-2026-32072 | Active Directory Spoofing Vulnerability — Windows 10 Version 1607 | 6.2 | Medium | 2026-04-14 |
| CVE-2026-23708 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise authorization issue vulnerability — FortiSOAR PaaS | 6.7 | High | 2026-04-14 |
| CVE-2026-40178 | ajenti.plugin.core has a race conditions in 2FA — ajenti | 8.1 | - | 2026-04-10 |
| CVE-2026-40177 | Password bypass when 2FA is activated — ajenti | 9.8 AI | Critical AI | 2026-04-10 |
| CVE-2026-34727 | Vikunja has a TOTP Two-Factor Authentication Bypass via OIDC Login Path — vikunja | 7.4 | High | 2026-04-10 |
| CVE-2026-4664 | Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter — Customer Reviews for WooCommerce | 5.3 | Medium | 2026-04-10 |
| CVE-2026-40109 | Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering — notification-controller | 3.1 | Low | 2026-04-09 |
| CVE-2026-39976 | Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens — passport | 7.1 | High | 2026-04-09 |
| CVE-2026-5959 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication — GL-RM1 | 6.6 | Medium | 2026-04-09 |
| CVE-2026-39411 | LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header — lobehub | 5.0 | Medium | 2026-04-08 |
| CVE-2026-39322 | PolarLearn: Any password authenticates banned accounts and grants API access — PolarLearn | 9.8 AI | Critical AI | 2026-04-07 |
| CVE-2026-39324 | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization — rack-session | 7.4 AI | High AI | 2026-04-07 |
| CVE-2026-35030 | LiteLLM has an authentication bypass via OIDC userinfo cache key collision — litellm | 6.5 AI | Medium AI | 2026-04-06 |
| CVE-2026-5570 | Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication — HI-LED-WR120-G2 | 7.3 | High | 2026-04-05 |
| CVE-2017-20235 | ProSoft Technology ICX35-HWC Authentication Bypass — ICX35-HWC Cellular Gateway | 8.8 | Critical | 2026-04-03 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.