CWE-287 (认证机制不恰当) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (认证机制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-4755	D-Link DI-7003GV2 netconfig.asp sub_497DE4 improper authentication — DI-7003GV2	7.3	High	2025-05-16
CVE-2025-47275	Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK — auth0-PHP	9.1	Critical	2025-05-15
CVE-2025-26685	Microsoft Defender for Identity Spoofing Vulnerability — Microsoft Defender for Identity	6.5	Medium	2025-05-13
CVE-2025-3659	Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP — Digi PortServer TS	9.8^AI	Critical^AI	2025-05-12
CVE-2025-4494	JAdmin-JAVA JAdmin Admin Backend NoNeedLoginController.java toLogin improper authentication — JAdmin	7.3	High	2025-05-09
CVE-2024-11186	On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem — CloudVision Portal	10.0	Critical	2025-05-08
CVE-2025-46573	passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling — passport-wsfed-saml2	7.4^AI	High^AI	2025-05-06
CVE-2025-46572	passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping — passport-wsfed-saml2	7.4^AI	High^AI	2025-05-06
CVE-2025-22477	Dell Storage Manager 授权问题漏洞 — Dell Storage Center - Dell Storage Manager	8.3	High	2025-05-06
CVE-2025-46590	Huawei HarmonyOS 安全漏洞 — HarmonyOS	6.3	Medium	2025-05-06
CVE-2025-0217	Privileged Remote Access Authentication Bypass — Privileged Remote Access	5.5^AI	Medium^AI	2025-05-05
CVE-2025-4144	PKCE bypass via downgrade attack	5.3^AI	Medium^AI	2025-05-01
CVE-2025-29906	Finit bundled getty can bypass /bin/login — finit	8.6	High	2025-04-29
CVE-2025-3910	Org.keycloak.authentication: two factor authentication bypass	5.4	Medium	2025-04-29
CVE-2025-46348	YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download — yeswiki	10.0	Critical	2025-04-29
CVE-2025-3627	Moodle: partial data exposure in moodle before completing multi-factor authentication	4.3	Medium	2025-04-25
CVE-2025-3634	Moodle: moodle allows course self-enrolment before completing mfa	4.3	Medium	2025-04-25
CVE-2024-11917	JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins — JobSearch WP Job Board	8.1	High	2025-04-25
CVE-2025-2771	BEC Technologies Multiple Routers Authentication Bypass Vulnerability — Multiple Routers	9.8	-	2025-04-23
CVE-2025-3850	YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication — SpringBoot-Vue-OnlineExam	3.7	Low	2025-04-22
CVE-2025-31478	Zulip Authentication Backend Configuration Bypass — zulip	8.2	High	2025-04-16
CVE-2025-2572	WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability — WhatsUp Gold	5.6	Medium	2025-04-14
CVE-2025-22232	Spring Cloud Config Server May Not Use Vault Token Sent By Clients — Spring Cloud Config	5.3	Medium	2025-04-10
CVE-2025-22375	Authentication Bypass in CyberAudit-Web — CyberAudit-Web	9.1^AI	Critical^AI	2025-04-10
CVE-2025-30287	ColdFusion \| Improper Authentication (CWE-287) — ColdFusion	8.2	High	2025-04-08
CVE-2025-30282	ColdFusion \| Improper Authentication (CWE-287) — ColdFusion	9.1	Critical	2025-04-08
CVE-2025-25227	[20250402] - Joomla Core - MFA Authentication Bypass — Joomla! CMS	8.1	-	2025-04-08
CVE-2025-3268	qinguoyi TinyWebServer http_conn.cpp improper authentication — TinyWebServer	5.3	Medium	2025-04-04
CVE-2025-31122	scratch-coding-hut.github.io Login Links Generation vulnerability — Scratch-Coding-Hut	10.0	-	2025-03-31
CVE-2025-2859	Improper Authentication vulnerability in saTECH BCU — saTECH BCU	7.1	-	2025-03-28

Vulnerabilities classified as CWE-287 (认证机制不恰当) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-287 (认证机制不恰当) — Vulnerability Class 1185