CWE-287 (Improper Authentication) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25804 | Antrea has invalid enforcement order for network policy rules caused by integer overflow — antrea | 4.3 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2025-64175 | Gogs Vulnerable to 2FA Bypass via Recovery Code — gogs | 8.2 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-1740 | EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpcon_check_session_url improper authentication — ipTIME A8004T | 7.3 | High | 2026-02-02 |
| CVE-2025-62349 | Salt Master authentication protocol downgrade may enable minion impersonation — Salt | 6.2 | Medium | 2026-01-30 |
| CVE-2026-22764 | Dell OpenManage Network Integration authorization issue vulnerability — OpenManage Network Integration | 4.3 | Medium | 2026-01-29 |
| CVE-2025-12810 | Failure in Password Rotation and Check-in Mechanism in Secret Server Allows Reuse of Credentials — Secret Server On-Prem | 9.1 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2026-24003 | EvseV2G has sequence state validation bypass — everest-core | 4.3 | Medium | 2026-01-26 |
| CVE-2026-0633 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 3.7 | Low | 2026-01-24 |
| CVE-2026-24038 | Horilla HR has 2FA Bypass through its OTP Handling Logic — horilla | 8.1 | High | 2026-01-22 |
| CVE-2026-1203 | CRMEB JSON Token LoginServices.php remoteRegister improper authentication — CRMEB | 5.6 | Medium | 2026-01-20 |
| CVE-2026-1202 | CRMEB LoginController.php appleLogin improper authentication — CRMEB | 7.3 | High | 2026-01-20 |
| CVE-2026-0629 | Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras — VIGI InSight Sx45 Series (S245/S345/S445) | 8.8 | - | 2026-01-16 |
| CVE-2026-22236 | Improper Authentication Vulnerability in BLUVOYIX — BLUVOYIX | 9.1 (AI) | Critical (AI) | 2026-01-14 |
| CVE-2025-67859 | Polkit Authorization Check can be Bypassed in the TLP power daemon — TLP | 5.5 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-68931 | Jervis has AES CBC Mode Without Authentication — jervis | 9.1 (AI) | Critical (AI) | 2026-01-13 |
| CVE-2026-0408 | Path traversal vulnerability in Netgear WiFi Range Extenders — EX5000 | 5.7 (AI) | Medium (AI) | 2026-01-13 |
| CVE-2026-0407 | Authentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacks — EX5000 | 8.8 (AI) | High (AI) | 2026-01-13 |
| CVE-2026-0405 | Authentication Bypass in NETGEAR Orbi Devices — RBE970 | 6.8 (AI) | Medium (AI) | 2026-01-13 |
| CVE-2025-69273 | Spectrum broken authentication — DX NetOps Spectrum | 9.8 (AI) | Critical (AI) | 2026-01-12 |
| CVE-2026-22594 | Ghost has Staff 2FA bypass — Ghost | 8.1 | High | 2026-01-10 |
| CVE-2026-21891 | ZimaOS has Authentication Bypass via System-Level Username — ZimaOS | 9.4 | Critical | 2026-01-08 |
| CVE-2026-21881 | Kanboard is Vulnerable to Reverse Proxy Authentication Bypass — kanboard | 9.1 | Critical | 2026-01-08 |
| CVE-2026-21854 | Tarkov Data Manager Authentication Bypass vulnerability — tarkov-data-manager | 9.8 | Critical | 2026-01-07 |
| CVE-2025-14942 | Authentication Bypass — wolfSSH | 9.8 | - | 2026-01-06 |
| CVE-2025-69197 | Pterodactyl TOTPs can be reused during validity window — panel | 6.5 | Medium | 2026-01-06 |
| CVE-2025-64423 | Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links — coolify | 8.0 | - | 2026-01-05 |
| CVE-2026-0589 | code-projects Online Product Reservation System Administration Backend improper authentication — Online Product Reservation System | 7.3 | High | 2026-01-05 |
| CVE-2025-15458 | bg5sbk MiniCMS Article post-edit.php improper authentication — MiniCMS | 7.3 | High | 2026-01-05 |
| CVE-2025-15457 | bg5sbk MiniCMS Trash File Restore post.php improper authentication — MiniCMS | 7.3 | High | 2026-01-05 |
| CVE-2025-15456 | bg5sbk MiniCMS Publish page-edit.php improper authentication — MiniCMS | 7.3 | High | 2026-01-05 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.