Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-287 (认证机制不恰当) — Vulnerability Class 1187

1187 vulnerabilities classified as CWE-287 (认证机制不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-23629 Motorola MR2600 Authentication Bypass Vulnerability — MR2600 9.6 Critical2024-01-25
CVE-2024-0879 Authentication bypass in vector-admin domain restriction — vector-admin 6.5 Medium2024-01-25
CVE-2023-52111 Huawei HarmonyOS 安全漏洞 — HarmonyOS 7.5AIHighAI2024-01-16
CVE-2024-21654 rubygems.org MFA Bypass through password reset function could allow account takeover — rubygems.org 4.8 Medium2024-01-12
CVE-2023-7210 OneNav API improper authentication — OneNav 7.3 High2024-01-07
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth) — omniauth-microsoft_graph 8.6 High2024-01-02
CVE-2023-7079 Arbitrary remote file read in Wrangler dev server — wrangler 6.4 Medium2023-12-29
CVE-2023-49790 App PIN code can be bypassed in Nextcloud Files iOS — security-advisories 4.3 Medium2023-12-22
CVE-2023-6847 Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data — Enterprise Server 7.5 High2023-12-21
CVE-2023-51442 Authentication bypass vulnerability in navidrome's subsonic endpoint — navidrome 8.6 High2023-12-21
CVE-2023-6768 Authentication bypass vulnerability in Amazing Little Poll — Amazing Little poll 9.4 Critical2023-12-20
CVE-2023-37544 Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS — Apache Pulsar WebSocket Proxy 7.5 High2023-12-20
CVE-2023-6483 Improper Authentication Vulnerability in ADiTaaS — Allied Digital Integrated Tool-as-a-Service 9.1 Critical2023-12-18
CVE-2023-6907 codelyfe Stupid Simple CMS Deletion Interface delete.php improper authentication — Stupid Simple CMS 5.4 Medium2023-12-18
CVE-2023-44252 Fortinet FortiWAN 安全漏洞 — FortiWAN 8.6 High2023-12-13
CVE-2023-45801 Nadatel DVR 安全漏洞 — DVR 7.5 High2023-12-13
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability — Windows 10 Version 1809 7.5 High2023-12-12
CVE-2023-5970 SonicWALL SSL-VPN SMA100 series 安全漏洞 — SMA100 9.6 -2023-12-05
CVE-2023-33070 Improper Authentication in Automotive OS — Snapdragon 7.1 High2023-12-05
CVE-2023-33054 Improper Authentication in GPS HLOS Driver — Snapdragon 9.1 Critical2023-12-05
CVE-2023-44302 Dell DM5500 安全漏洞 — Dell PowerProtect Data Manager DM5500 Appliance 8.1 High2023-12-04
CVE-2023-6354 Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass — Magistrate Court Case Management Plus 5.3 Medium2023-11-30
CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass — Civil and Criminal Electronic Filing 5.3 Medium2023-11-30
CVE-2023-6344 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass — Court Case Management Plus 5.3 Medium2023-11-30
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass — Court Case Management Plus 5.3 Medium2023-11-30
CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass — Court Case Management Plus 5.3 Medium2023-11-30
CVE-2023-34388 Improper authentication could lead to session hijacking — SEL-451 6.5 Medium2023-11-30
CVE-2023-35137 Zyxel NAS326 授权问题漏洞 — NAS326 firmware 7.5 High2023-11-30
CVE-2023-29062 Unsecure Identity Verification — FACSChorus 3.8 Low2023-11-28
CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE — Apache ActiveMQ 8.8 -2023-11-28

Vulnerabilities classified as CWE-287 (认证机制不恰当) represent 1187 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.