CWE-287 (Improper Authentication) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-25236 | Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management — Hirschmann HiOS | 9.8 | Critical | 2026-04-03 |
| CVE-2026-33175 | OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims — oauthenticator | 8.8 | High | 2026-04-03 |
| CVE-2026-34990 | OpenPrinting CUPS: Local print admin token disclosure using temporary printers — cups | 7.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2017-20237 | Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution — Hirschmann Industrial HiVision | 9.8 | Critical | 2026-04-03 |
| CVE-2026-32173 | Azure SRE Agent Information Disclosure Vulnerability — Azure SRE Agent Gateway - SignalR Hub | 8.6 | High | 2026-04-02 |
| CVE-2024-14034 | Hirschmann HiEOS Authentication Bypass via HTTP Management Module — Hirschmann HiEOS LRS11 | 9.8 | Critical | 2026-04-02 |
| CVE-2026-34834 | Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation — webmail | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34736 | Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API — openedx-platform | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34121 | Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS — Tapo C520WS v2.6 | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-33746 | Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users — panel | 9.8 | Critical | 2026-04-02 |
| CVE-2026-34531 | Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client — Flask-HTTPAuth | 6.5 | Medium | 2026-04-01 |
| CVE-2026-4101 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container | 8.1 | High | 2026-04-01 |
| CVE-2026-34072 | cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution — cronmaster | 8.3 | High | 2026-04-01 |
| CVE-2026-4829 | Devolutions Server security vulnerability — Server | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2025-71279 | XenForo Passkey Security Bypass — XenForo | 9.8 | Critical | 2026-04-01 |
| CVE-2026-34204 | MinIO is Vulnerable to SSE Metadata Injection via Replication Headers — minio | 8.1 | - | 2026-03-31 |
| CVE-2026-31946 | OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow — OpenOLAT | 9.8 | Critical | 2026-03-30 |
| CVE-2026-0558 | Unauthenticated File Upload in parisneo/lollms — parisneo/lollms | 9.8 | - | 2026-03-29 |
| CVE-2026-34389 | Fleet's user account creation via invite does not enforce invited email address — fleet | 8.8 | - | 2026-03-27 |
| CVE-2026-27856 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 7.4 | High | 2026-03-27 |
| CVE-2026-33898 | Local Incus UI web server vulnerable to authentication bypass — incus | 8.8 | High | 2026-03-26 |
| CVE-2026-4831 | kalcaddle kodbox Password-protected Share auth.class.php can improper authentication — kodbox | 3.7 | Low | 2026-03-26 |
| CVE-2026-33248 | NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching — nats-server | 4.2 | Medium | 2026-03-25 |
| CVE-2026-33246 | NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers — nats-server | 6.4 | Medium | 2026-03-25 |
| CVE-2026-33665 | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover — n8n | 8.5 | - | 2026-03-25 |
| CVE-2026-33215 | NATS is vulnerable to MQTT hijacking via Client ID — nats-server | 6.5 | Medium | 2026-03-24 |
| CVE-2026-33322 | MinIO: JWT Algorithm Confusion in OIDC Authentication — minio | 7.5 | - | 2026-03-24 |
| CVE-2026-33314 | pyload-ng: Improper Authentication and Origin Validation Error — pyload | 6.5 | Medium | 2026-03-24 |
| CVE-2026-33409 | Parse Server: Auth provider validation bypass on login via partial authData — parse-server | 8.1 | - | 2026-03-24 |
| CVE-2026-33473 | Vikunja has TOTP Reuse During Validity Window — vikunja | 5.7 | Medium | 2026-03-24 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.