CWE-287 (Improper Authentication) — Vulnerability Class 1187

1187 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10620 | knightliao Disconf Configuration Center list improper authentication — Disconf | 5.3 | Medium | 2024-11-01 |
| CVE-2024-49755 | Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs — IdentityServer | 3.1 | Low | 2024-10-28 |
| CVE-2024-49757 | Zitadel User Registration Bypass Vulnerability — zitadel | 7.5 | High | 2024-10-25 |
| CVE-2024-49376 | Autolab Has Misconfigured Reset Password Permissions — Autolab | 8.8 | - | 2024-10-25 |
| CVE-2024-10327 | Okta Verify security vulnerability — Okta Verify for iOS | 8.1 | High | 2024-10-24 |
| CVE-2024-7763 | WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability — WhatsUp Gold | 9.8 | Critical | 2024-10-24 |
| CVE-2024-9947 | ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider — ProfilePress Pro | 8.1 | High | 2024-10-23 |
| CVE-2024-9927 | WooCommerce Order Proposal <= 2.0.5 - Authenticated (Shop Manager+) Privilege Escalation via Order Proposal — WooCommerce Order Proposal | 7.2 | High | 2024-10-23 |
| CVE-2024-10173 | didi DDMQ Console Module improper authentication — DDMQ | 7.3 | High | 2024-10-20 |
| CVE-2023-22650 | Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider — rancher | 8.8 | High | 2024-10-16 |
| CVE-2024-45216 | Apache Solr: Authentication bypass possible using a fake URL Path ending — Apache Solr | 9.8 | - | 2024-10-16 |
| CVE-2020-36832 | Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass — Indeed Membership Pro | 9.8 | Critical | 2024-10-16 |
| CVE-2024-38139 | Microsoft Dataverse Elevation of Privilege Vulnerability — Microsoft Dataverse | 8.7 | High | 2024-10-15 |
| CVE-2024-45115 | Adobe Commerce \| Improper Authentication (CWE-287) — Adobe Commerce | 9.8 | Critical | 2024-10-10 |
| CVE-2024-45148 | Adobe Commerce \| Improper Authentication (CWE-287) — Adobe Commerce | 8.8 | High | 2024-10-10 |
| CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability — Windows Server 2019 | 9.0 | Critical | 2024-10-08 |
| CVE-2024-41798 | Siemens SENTRON 7KM PAC3200 authorization issue vulnerability — SENTRON 7KM PAC3200 | 9.8 | Critical | 2024-10-08 |
| CVE-2024-45051 | Bypass of email address validation via encoded email addresses in Discourse — discourse | 8.2 | High | 2024-10-07 |
| CVE-2024-47768 | Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery — Lif-Auth-Server | 5.9 | - | 2024-10-04 |
| CVE-2024-47070 | authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header — authentik | 9.1 | Critical | 2024-09-27 |
| CVE-2024-47174 | Credential leak when credentials are used with `<nix/fetchurl.nix>` — nix | 5.9 | Medium | 2024-09-26 |
| CVE-2024-45042 | Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials — kratos | 4.4 | Medium | 2024-09-26 |
| CVE-2024-47078 | Meshtastic firmware Authentication/Authorization Bypass via MQTT — firmware | 8.1 | High | 2024-09-25 |
| CVE-2024-0002 | FlashArray security vulnerability — FlashArray | 10.0 | Critical | 2024-09-23 |
| CVE-2022-25768 | Improper Access Control in UI upgrade process — Mautic | 7.0 | High | 2024-09-18 |
| CVE-2024-45113 | ColdFusion \| Improper Authentication (CWE-287) — ColdFusion | 7.5 | High | 2024-09-13 |
| CVE-2024-45823 | FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets — FactoryTalk® Batch View™ | 8.1 | High | 2024-09-12 |
| CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability — Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | 8.8 | High | 2024-09-10 |
| CVE-2023-45038 | Music Station — Music Station | 4.3 | Medium | 2024-09-06 |
| CVE-2024-7923 | Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore | 9.8 (AI) | Critical (AI) | 2024-09-04 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1187 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.