CWE-287 (Improper Authentication) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-30223 | OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes — OliveTin | 8.8 | High | 2026-03-06 |
| CVE-2026-30831 | Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer — Rocket.Chat | 9.8 | - | 2026-03-06 |
| CVE-2026-28514 | Rocket.Chat: Users can login with any password via the EE ddp-streamer-service — Rocket.Chat | 9.8 | - | 2026-03-06 |
| CVE-2026-28428 | Talishar: Authentication Bypass via Empty authKey Parameter Allows Unauthenticated Game Actions — Talishar | 5.3 | Medium | 2026-03-06 |
| CVE-2026-28787 | OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay — oneuptime | 8.2 | High | 2026-03-06 |
| CVE-2026-29093 | WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port — AVideo | 8.1 | High | 2026-03-06 |
| CVE-2026-28471 | OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin — OpenClaw | 5.3 | Medium | 2026-03-05 |
| CVE-2026-24898 | OpenEMR has an Unauthenticated MedEx Token Disclosure — openemr | 10.0 | Critical | 2026-03-03 |
| CVE-2026-3224 | Devolutions Server security vulnerability — Server | 9.8 (AI) | Critical (AI) | 2026-03-03 |
| CVE-2026-27939 | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass — cms | 8.8 | High | 2026-02-27 |
| CVE-2026-1305 | Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation — Japanized for WooCommerce | 5.3 | Medium | 2026-02-27 |
| CVE-2026-26077 | Discourse doesn't ensure webhooks require a token — discourse | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27968 | Packistry accepts expired access tokens — packistry | 4.3 | Medium | 2026-02-26 |
| CVE-2026-20127 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Manager | 10.0 | Critical | 2026-02-25 |
| CVE-2026-20129 | Cisco Catalyst SD-WAN Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Manager | 9.8 | Critical | 2026-02-25 |
| CVE-2026-3192 | Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication — Blockchain | 5.6 | Medium | 2026-02-25 |
| CVE-2026-24241 | NVIDIA Delegated Licensing Service authorization issue vulnerability — DLS component of NVIDIA License System | 4.3 | Medium | 2026-02-24 |
| CVE-2026-27197 | Sentry: Improper Authentication on SAML SSO process allows user identity linking — sentry | 9.1 | Critical | 2026-02-21 |
| CVE-2026-27134 | Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user authentication — strimzi-kafka-operator | 8.1 | High | 2026-02-20 |
| CVE-2025-41023 | Authentication bypass in AutoGPT de Thesamur — AutoGPT | 9.8 (AI) | Critical (AI) | 2026-02-19 |
| CVE-2025-15586 | OGP-Website security vulnerability — OGP-Website | 9.8 (AI) | Critical (AI) | 2026-02-19 |
| CVE-2025-15581 | Orthanc security vulnerability — orthanc | 9.8 (AI) | Critical (AI) | 2026-02-18 |
| CVE-2026-26119 | Windows Admin Center Elevation of Privilege Vulnerability — Windows Admin Center | 8.8 | High | 2026-02-17 |
| CVE-2026-25922 | authentik has a Signature Verification Bypass via SAML Assertion Wrapping — authentik | 8.8 | High | 2026-02-12 |
| CVE-2026-25748 | authentik has a forward authentication bypass with broken cookie — authentik | 8.6 | High | 2026-02-12 |
| CVE-2025-68663 | Outline has a suspended user authentication bypass via WebSocket connections — outline | 4.3 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-21508 | Windows Storage Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.0 | High | 2026-02-10 |
| CVE-2026-23906 | Apache Druid: Authentication Bypass via LDAP Anonymous Bind — Apache Druid | 9.8 (AI) | Critical (AI) | 2026-02-10 |
| CVE-2025-10463 | Improper Authentication in Birtech Information Technologies' Sensaway — Senseway | 7.3 | High | 2026-02-09 |
| CVE-2026-2174 | code-projects Contact Management System CRUD Endpoint improper authentication — Contact Management System | 7.3 | High | 2026-02-08 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.