CWE-287 (Improper Authentication) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47761 | GLPI vulnerable to account takeover via the password reset feature — glpi | 7.2 | - | 2024-12-11 |
| CVE-2024-10511 | Schneider Electric PowerChute Serial Shutdown authorization issue vulnerability — PowerChute Serial Shutdown | 5.3 | Medium | 2024-12-11 |
| CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2024-12-10 |
| CVE-2024-0130 | NVIDIA UFM authorization issue vulnerability — UFM Enterprise GA | 8.8 | High | 2024-12-06 |
| CVE-2024-48859 | QTS, QuTS hero — QTS | 9.8 | - | 2024-12-06 |
| CVE-2024-11293 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider — Pie Register - Social Sites Login (Add on) | 8.1 | High | 2024-12-04 |
| CVE-2024-45106 | Apache Ozone: Improper authentication when generating S3 secrets — Apache Ozone | 6.8 | - | 2024-12-03 |
| CVE-2024-53990 | AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s — async-http-client | 8.2 | - | 2024-12-02 |
| CVE-2018-11952 | Improper Authentication in TrustZone — Snapdragon | 7.8 | High | 2024-11-26 |
| CVE-2016-10394 | Improper Authentication in Core — Snapdragon | 9.8 | High | 2024-11-26 |
| CVE-2024-11671 | Devolutions Remote Desktop Manager security vulnerability — Remote Desktop Manager | 8.8 (AI) | High (AI) | 2024-11-25 |
| CVE-2022-33862 | Improper access control mechanism in IPP — Intelligent Power Protector (IPP) | 6.7 | Medium | 2024-11-25 |
| CVE-2024-45369 | mySCADA myPRO Improper Authentication — myPRO Manager | 8.1 | High | 2024-11-22 |
| CVE-2024-6248 | Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability — Cam v3 | 8.8 | - | 2024-11-22 |
| CVE-2024-11494 | Zyxel P-6101C authorization issue vulnerability — P-6101C firmware | 7.5 | High | 2024-11-20 |
| CVE-2024-47533 | Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes — cobbler | 9.8 | Critical | 2024-11-18 |
| CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options — security-advisories | 4.4 | Medium | 2024-11-15 |
| CVE-2024-11209 | Apereo CAS 2FA login improper authentication — CAS | 6.3 | Medium | 2024-11-14 |
| CVE-2024-51996 | Symphony has an Authentication Bypass via RememberMe — symfony | 7.5 | High | 2024-11-13 |
| CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability — Windows Server 2025 | 8.8 | High | 2024-11-12 |
| CVE-2024-51997 | The Attestation Results Token can be arbitrarily modified without being detected in Trustee — trustee | 8.1 | High | 2024-11-08 |
| CVE-2024-10963 | Pam: improper hostname interpretation in pam_access leads to access control bypass | 7.4 | High | 2024-11-07 |
| CVE-2024-50341 | Security::login does not take into account custom user_checker in symfony/security-bundle — symfony | 3.1 | Low | 2024-11-06 |
| CVE-2024-9946 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider — Social Share, Social Login and Social Comments Plugin – Super Socializer | 8.1 | High | 2024-11-06 |
| CVE-2024-10020 | Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider — Heateor Social Login WordPress | 8.1 | High | 2024-11-06 |
| CVE-2023-29117 | Authentication Bypass in JuiceBox Web Manager interface — JuiceBox Pro 3.0 22kW Cellular | 8.8 | High | 2024-11-05 |
| CVE-2024-10114 | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider — WooCommerce - Social Login | 8.1 | High | 2024-11-05 |
| CVE-2024-10097 | Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider — Loginizer Security | 8.1 | High | 2024-11-05 |
| CVE-2024-10620 | knightliao Disconf Configuration Center list improper authentication — Disconf | 5.3 | Medium | 2024-11-01 |
| CVE-2024-49755 | Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs — IdentityServer | 3.1 | Low | 2024-10-28 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.