CWE-287 (Improper Authentication) — Vulnerability Class 1187

1187 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5012 | WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability — WhatsUp Gold | 8.6 | High | 2024-06-25 |
| CVE-2024-5806 | MOVEit Transfer Authentication Bypass Vulnerability — MOVEit Transfer | 9.1 | Critical | 2024-06-25 |
| CVE-2024-5805 | MOVEit Gateway Authentication Bypass Vulnerability — MOVEit Gateway | 9.1 | Critical | 2024-06-25 |
| CVE-2024-37233 | WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability — Play.ht | 4.3 | Medium | 2024-06-24 |
| CVE-2024-37897 | Insufficient access control for password reset in sftpgo — sftpgo | 5.4 | Medium | 2024-06-20 |
| CVE-2024-38351 | Password auth and OAuth2 unverified email linking — pocketbase | 5.4 | Medium | 2024-06-18 |
| CVE-2024-37893 | MFA bypass in oauth flow in Firefly III — firefly-iii | 5.9 | Medium | 2024-06-17 |
| CVE-2024-37313 | Nextcloud server allows the by-pass the second factor — security-advisories | 7.3 | High | 2024-06-14 |
| CVE-2024-37368 | Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction — FactoryTalk® View SE | 5.3 (AI) | Medium (AI) | 2024-06-14 |
| CVE-2024-37367 | Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction — FactoryTalk® View SE | 5.3 (AI) | Medium (AI) | 2024-06-14 |
| CVE-2024-3080 | ASUS Router - Improper Authentication — ZenWiFi XT8 | 9.8 | Critical | 2024-06-14 |
| CVE-2024-30299 | Tenable Vulnerability Disclosure \| API Auth Bypass — Adobe Framemaker Publishing Server | 10.0 | Critical | 2024-06-13 |
| CVE-2024-34103 | Customer account takeover via web API call & subsequent password reset — Adobe Commerce | 8.1 | High | 2024-06-13 |
| CVE-2024-5798 | Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims — Vault | 2.6 | Low | 2024-06-12 |
| CVE-2024-36264 | Apache Submarine Commons Utils: default secret — Apache Submarine Commons Utils | 7.5 (AI) | High (AI) | 2024-06-12 |
| CVE-2024-36266 | Siemens PowerSys authorization issue vulnerability — PowerSys | 9.3 | Critical | 2024-06-11 |
| CVE-2024-5732 | Clash Proxy Port improper authentication — Clash | 7.3 | High | 2024-06-07 |
| CVE-2024-37152 | Unauthenticated Access to sensitive settings in Argo CD — argo-cd | 5.3 | Medium | 2024-06-06 |
| CVE-2023-51511 | WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability — Booster Elite for WooCommerce | 6.5 | Medium | 2024-06-04 |
| CVE-2023-48747 | WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability — Booster for WooCommerce | 6.5 | Medium | 2024-06-04 |
| CVE-2023-47189 | WordPress Defender Security plugin <= 4.2.0 - Masked Login Area View Bypass vulnerability — Defender Security | 5.3 | Medium | 2024-06-04 |
| CVE-2023-46630 | WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability — Admin and Site Enhancements (ASE) | 7.5 | High | 2024-06-04 |
| CVE-2023-43551 | Improper Authentication in Multi-Mode Call Processor — Snapdragon | 9.1 | Critical | 2024-06-03 |
| CVE-2024-5201 | Dimensions RM - Privilege Escalation — Dimensions RM | 8.8 | High | 2024-05-23 |
| CVE-2024-5044 | Emlog Pro Cookie improper authentication — Emlog Pro | 3.7 | Low | 2024-05-17 |
| CVE-2023-41956 | WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability — Simple Membership | 8.8 | High | 2024-05-17 |
| CVE-2024-35184 | paperless-ngx's remote user auth via header works even when disabling it for API — paperless-ngx | 5.5 | Medium | 2024-05-15 |
| CVE-2024-3487 | Broken Authentication vulnerability in iManager — iManager | 3.5 | Low | 2024-05-15 |
| CVE-2024-34340 | Authentication Bypass when using using older password hashes — cacti | 9.1 | Critical | 2024-05-13 |
| CVE-2024-4129 | Authentication bypass in Snow License Manager — Snow License Manager | 8.8 | High | 2024-05-10 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1187 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.