CWE-287 (认证机制不恰当) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (认证机制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-21450	Improper Authentication in GPS_GNSS — Snapdragon	9.1	Critical	2025-07-08
CVE-2025-6926	Security Authentication Bypass in CentralAuth — Mediawiki - CentralAuth Extension	9.8^AI	Critical^AI	2025-07-03
CVE-2025-52553	authentik has Insufficient Session verification for Remote Access Control endpoint access — authentik	9.1^AI	Critical^AI	2025-06-27
CVE-2025-53013	Himmelblau offline auth permits authentication with invalid Hello PIN — himmelblau	5.2	Medium	2025-06-26
CVE-2025-52572	Hikka vulnerable to RCE through dangling web interface — Hikka	10.0	Critical	2025-06-24
CVE-2025-52571	Hikka vulnerable to RCE through edits in a channel — Hikka	9.7	Critical	2025-06-24
CVE-2025-49851	Improper Authentication in ControlID iDSecure On-premises — iDSecure On-premises	9.8^AI	Critical^AI	2025-06-24
CVE-2025-6528	70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication — M300	4.3	Medium	2025-06-23
CVE-2025-6524	70mai 1S Video Services improper authentication — 1S	3.1	Low	2025-06-23
CVE-2024-45347	Mi Connect Service APP protocol flaws lead to unauthorized access — Xiaomi Mi Connect Service	9.6	Critical	2025-06-23
CVE-2025-6172	TECNO com.afmobi.boomplayer 安全漏洞 — com.afmobi.boomplayer	8.8^AI	High^AI	2025-06-16
CVE-2025-6083	ExtremeCloud Universal ZTNA Improper Authorization — ExtremeCloud Universal ZTNA	5.3^AI	Medium^AI	2025-06-13
CVE-2025-49146	pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration — pgjdbc	8.2	High	2025-06-11
CVE-2025-5985	code-projects School Fees Payment System improper authentication — School Fees Payment System	7.3	High	2025-06-10
CVE-2025-5870	TRENDnet TV-IP121W Web Interface setup.cgi improper authentication — TV-IP121W	7.3	High	2025-06-09
CVE-2024-13088	QHora — QuRouter	7.8^AI	High^AI	2025-06-06
CVE-2025-48909	Huawei HarmonyOS 安全漏洞 — HarmonyOS	7.1	High	2025-06-06
CVE-2025-49012	Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass — himmelblau	5.4	Medium	2025-06-05
CVE-2025-5597	WF Steuerungstechnik GmbH - airleader MASTER - Authentication Bypass — airleader MASTER	9.8^AI	Critical^AI	2025-06-04
CVE-2025-49001	Dataease Authentication Bypass Vulnerability — dataease	5.3^AI	Medium^AI	2025-06-03
CVE-2025-5512	quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication — shiyi-blog	7.3	High	2025-06-03
CVE-2025-46548	Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective — Apache Pekko Management	9.8^AI	Critical^AI	2025-06-03
CVE-2025-5495	Netgear WNR614 URL improper authentication — WNR614	7.3	High	2025-06-03
CVE-2025-5437	Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication — Sirius RE016	5.3	Medium	2025-06-02
CVE-2025-48370	auth-js Vulnerable to Insecure Path Routing from Malformed User Input — auth-js	8.2^AI	High^AI	2025-05-27
CVE-2025-5247	Gowabby HFish url.go LoadUrl improper authentication — HFish	7.3	High	2025-05-27
CVE-2025-5149	WCMS Login getallcon getMemberByUid improper authentication — WCMS	5.6	Medium	2025-05-25
CVE-2024-7487	Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication — WSO2 Identity Server	5.8	Medium	2025-05-22
CVE-2025-4978	Netgear DGND3700 Basic Authentication BRS_top.html improper authentication — DGND3700	9.8	Critical	2025-05-20
CVE-2025-47790	Nextcloud Server doesn't request second factor after session timeout — security-advisories	6.4	Medium	2025-05-16

Vulnerabilities classified as CWE-287 (认证机制不恰当) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-287 (认证机制不恰当) — Vulnerability Class 1185