Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-287 (认证机制不恰当) — Vulnerability Class 1186

1186 vulnerabilities classified as CWE-287 (认证机制不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2023-38096 NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability — ProSAFE Network Management System 9.8 -2024-05-03
CVE-2024-4303 ArmorX Android APP - MFA Bypass — ArmorX APP 8.8 High2024-04-29
CVE-2023-6787 Keycloak: session hijacking via re-authentication 6.5 Medium2024-04-25
CVE-2023-3597 Keycloak: secondary factor bypass in step-up authentication 5.0 Medium2024-04-25
CVE-2023-51482 WordPress Eazy Plugin Manager plugin <= 4.1.2 - Auth. Arbitrary Options Update lead to RCE vulnerability — Eazy Plugin Manager 9.9 Critical2024-04-25
CVE-2023-51478 WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability — Build App Online 9.8 Critical2024-04-25
CVE-2023-51477 WordPress BuddyBoss Theme theme <= 2.4.60 - Unauth. Arbitrary WordPress Settings Change vulnerability — BuddyBoss Theme 9.8 Critical2024-04-24
CVE-2023-51472 WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Account Takeover vulnerability — Checkout Mestres WP 9.8 Critical2024-04-24
CVE-2023-51471 WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Arbitrary Options Update vulnerability — Checkout Mestres WP 8.2 High2024-04-24
CVE-2023-51405 WordPress BookingPress plugin <= 1.0.74 - Booking Price Manipulation vulnerability — BookingPress 5.3 Medium2024-04-24
CVE-2023-47504 WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability — Elementor Website Builder 7.5 High2024-04-24
CVE-2023-25790 WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection — WoodMart 5.3 Medium2024-04-24
CVE-2024-2112 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder 5.9 Medium2024-04-09
CVE-2024-25699 Portal for ArcGIS has an invalid authentication vulnerability — Portal for ArcGIS 8.5 High2024-04-04
CVE-2024-28012 NEC Corporation Aterm 安全漏洞 — WG1800HP4 9.1AICriticalAI2024-03-28
CVE-2024-28009 NEC Corporation Aterm 安全漏洞 — WG1800HP4 9.1AICriticalAI2024-03-28
CVE-2024-28007 NEC Corporation Aterm 安全漏洞 — WG1800HP4 9.1AICriticalAI2024-03-28
CVE-2024-28006 NEC Corporation Aterm 安全漏洞 — WG1800HP4 9.1AICriticalAI2024-03-28
CVE-2024-2244 Hitachi Energy Asset Suite 安全漏洞 — Asset Suite EAM 5.3 Medium2024-03-27
CVE-2024-2873 User authentication bypass in wolfSSH server — wolfSSH 9.1 Critical2024-03-25
CVE-2024-2862 Password reset vulnerability without authorization on LG LED Assistant — LG LED Assistant 9.1 Critical2024-03-25
CVE-2022-44595 WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability — WP 2FA 5.3 Medium2024-03-21
CVE-2024-1148 Weak Access Control - Arbitrary file upload — PVCS Version Manager 9.8 Critical2024-03-21
CVE-2024-1147 Weak Access Control - Arbitrary file download — PVCS Version Manager 9.8 Critical2024-03-21
CVE-2024-27767 Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-287: Improper Authentication — Unistream Unilogic 10.0 Critical2024-03-18
CVE-2024-28255 Authentication Bypass in OpenMetadata — OpenMetadata 9.8 Critical2024-03-15
CVE-2024-2450 Mattermost 安全漏洞 — Mattermost 8.8 High2024-03-15
CVE-2024-25652 Delinea PAM Secret Server 安全漏洞 — Secret Server 7.6 High2024-03-14
CVE-2023-38534 OpenText Exceed Turbo X 安全漏洞 — Exceed Turbo X 8.6 High2024-03-13
CVE-2024-0799 Authentication Bypass via wizardLogin in Arcserve Unified Data Protection — Unified Data Protection 9.8 Critical2024-03-13

Vulnerabilities classified as CWE-287 (认证机制不恰当) represent 1186 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.