CWE-287 (Improper Authentication) — Vulnerability Class 1186

1186 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2859 | Improper Authentication vulnerability in saTECH BCU — saTECH BCU | 7.1 | - | 2025-03-28 |
| CVE-2025-30361 | WeGIA Vulnerable to Broken Authentication - Old Password Validation — WeGIA | 9.1 (AI) | Critical (AI) | 2025-03-27 |
| CVE-2025-30168 | Parse Server has an OAuth login vulnerability — parse-server | 6.9 | Medium | 2025-03-21 |
| CVE-2025-26475 | Dell Secure Connect Gateway (Dell SCG) authorization issue vulnerability — Secure Connect Gateway (SCG) 5.0 Appliance - SRS | 5.5 | Medium | 2025-03-19 |
| CVE-2025-2388 | Keytop 路内停车收费系统 (on-street parking fee collection system) API getParks improper authentication — 路内停车收费系统 | 7.3 | High | 2025-03-17 |
| CVE-2025-2339 | otale Tale Blog logs improper authentication — Tale Blog | 5.3 | Medium | 2025-03-16 |
| CVE-2025-2230 | Philips Intellispace Cardiovascular (ISCV) Improper Authentication — Intellispace Cardiovascular (ISCV) | 7.7 | High | 2025-03-13 |
| CVE-2025-29773 | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover — Froxlor | 5.8 | Medium | 2025-03-13 |
| CVE-2025-27138 | DataEase has an improper authentication vulnerability — dataease | 9.1 | - | 2025-03-13 |
| CVE-2025-0813 | Schneider Electric EcoStruxure Power Automation System User Interface authorization issue vulnerability — EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured Versions | 6.8 | Medium | 2025-03-12 |
| CVE-2025-27403 | Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries — ratify | 7.1 | - | 2025-03-11 |
| CVE-2024-56336 | Siemens SINAMICS S200 authorization issue vulnerability — SINAMICS S200 | 9.8 | Critical | 2025-03-11 |
| CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass — miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) | 8.1 | High | 2025-03-08 |
| CVE-2025-1475 | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' — WPCOM Member | 9.8 | Critical | 2025-03-07 |
| CVE-2025-27422 | FACTION Allows Authentication Bypass via User Creation — faction | 7.5 | High | 2025-03-03 |
| CVE-2024-38426 | Improper Authentication in Modem — Snapdragon | 5.4 | Medium | 2025-03-03 |
| CVE-2025-1723 | Account takeover — ADSelfService Plus | 8.1 | High | 2025-03-03 |
| CVE-2025-27416 | Asking For Scratch Username And Password — Scratch-Coding-Hut.github.io | 9.8 | - | 2025-03-01 |
| CVE-2025-27414 | MinIO SFTP authentication bypass due to improperly trusted SSH key — minio | 7.4 | - | 2025-02-28 |
| CVE-2025-27112 | Navidrome has authentication bypass in Subsonic API with non-existent username — navidrome | 9.1 | - | 2025-02-24 |
| CVE-2024-5174 | Broken Authentication in Gliffy — Gliffy Online | 6.8 | - | 2025-02-24 |
| CVE-2025-1024 | Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter — ChurchCRM | 4.8 | - | 2025-02-19 |
| CVE-2025-24895 | SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication — cie-aspnetcore | 9.1 | Critical | 2025-02-18 |
| CVE-2025-24894 | SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication — spid-aspnetcore | 9.1 | Critical | 2025-02-18 |
| CVE-2025-0981 | Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field — ChurchCRM | 4.8 | - | 2025-02-18 |
| CVE-2025-24904 | libsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checked — libsignal-service-rs | 8.5 | High | 2025-02-13 |
| CVE-2025-25201 | Improper Validation of Admin Key in PIV Smartcard — nitrokey-3-firmware | 4.0 | Medium | 2025-02-12 |
| CVE-2024-13528 | Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode — Customer Email Verification for WooCommerce | 7.5 | High | 2025-02-12 |
| CVE-2025-1044 | Logsign Unified SecOps Platform Authentication Bypass Vulnerability — Unified SecOps Platform | 9.8 | - | 2025-02-11 |
| CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability — Windows 10 Version 1507 | 6.8 | Medium | 2025-02-11 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1186 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.