CWE-287 (Improper Authentication) — Vulnerability Class 1185

1185 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15455 | bg5sbk MiniCMS File Recovery Request page.php delete_page improper authentication — MiniCMS | 6.5 | Medium | 2026-01-05 |
| CVE-2025-15069 | Privilege Escalation in Gmission Web FAX — Web Fax | 7.1 | High | 2025-12-29 |
| CVE-2025-15135 | joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication — xiaozhi-esp32-server-java | 6.3 | Medium | 2025-12-28 |
| CVE-2025-15099 | simstudioai sim CRON Secret internal.ts improper authentication — sim | 7.3 | High | 2025-12-26 |
| CVE-2025-15097 | Alteryx Server status improper authentication — Server | 7.3 | High | 2025-12-26 |
| CVE-2025-14908 | JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication — JeecgBoot | 6.3 | Medium | 2025-12-19 |
| CVE-2025-13427 | Authentication Bypass in Dialogflow CX Messenger — Dialogflow CX Messenger | 9.1 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-14738 | Configuration Disclosure Vulnerability in TP-Link WA850RE — WA850RE | 7.5 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-44005 | Smallstep step-ca security vulnerability — Step-CA | 10.0 | Critical | 2025-12-17 |
| CVE-2025-14097 | Remote Code Execution Vulnerability in Radiometer Products — ABL90 FLEX and ABL90 FLEX PLUS Analyzers | 7.2 | High | 2025-12-17 |
| CVE-2025-14002 | WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP — WPCOM Member | 8.1 | High | 2025-12-16 |
| CVE-2025-14746 | Ningyuanda TC155 RTSP Live Video Stream Endpoint improper authentication — TC155 | 4.3 | Medium | 2025-12-16 |
| CVE-2025-37731 | Elasticsearch Improper Authentication — Elasticsearch | 6.8 | Medium | 2025-12-15 |
| CVE-2025-14703 | Shiguangwu sgwbox N3 POST Message fsnotify improper authentication — sgwbox N3 | 5.3 | Medium | 2025-12-15 |
| CVE-2025-67507 | Filament's multi-factor authentication (app) recovery codes can be used multiple times — filament | 8.1 | High | 2025-12-10 |
| CVE-2025-66039 | FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header — framework | 7.4 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-66515 | Nextcloud Approval app allows users to request approval for other users file — security-advisories | 2.7 | Low | 2025-12-05 |
| CVE-2025-12374 | Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover — User Verification by PickPlugins | 9.8 | Critical | 2025-12-05 |
| CVE-2025-9803 | Improper Authentication in lunary-ai/lunary — lunary-ai/lunary | 9.8 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2024-21635 | Memos Access Tokens Stay Valid after User Password Change — memos | 8.0 | - | 2025-11-14 |
| CVE-2025-64717 | ZITADEL vulnerable to Account Takeover with deactivated Instance IdP — zitadel | 3.8 | - | 2025-11-13 |
| CVE-2025-64517 | sudo-rs doesn't record authenticating user properly in timestamp — sudo-rs | 4.4 | Medium | 2025-11-12 |
| CVE-2025-12998 | Broken Authentication in extension “Modules” (modules) — Extension "Modules" | 9.1 | - | 2025-11-12 |
| CVE-2025-64513 | Milvus Proxy has Critical Authentication Bypass Vulnerability — milvus | 9.8 | - | 2025-11-10 |
| CVE-2025-64434 | KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing — kubevirt | 4.7 | Medium | 2025-11-07 |
| CVE-2025-64432 | KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer — kubevirt | 4.7 | Medium | 2025-11-07 |
| CVE-2025-3222 | Smallworld SWMFS Improper Authentication — Smallworld | 9.8 | - | 2025-11-07 |
| CVE-2025-20730 | MediaTek Chipsets security vulnerability — MT2737, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8195, MT8676, MT8678, MT8696 | 6.7 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62717 | Emlog Pro session verification code error due to clearing logic error — emlog | 8.1 | - | 2025-10-24 |
| CVE-2025-43995 | Dell Storage Manager authorization issue vulnerability — Dell Storage Manager | 9.8 | Critical | 2025-10-24 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1185 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.