Filtered by CWE-287
Total 3924 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-39009 1 Huawei 2 Emui, Harmonyos 2025-06-03 9.8 Critical
The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.
CVE-2023-7211 1 Uniwayinfo 10 Uw-101x, Uw-101x Firmware, Uw-301vpw and 7 more 2025-06-03 5.6 Medium
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-21638 1 Microsoft 1 Azure Ipam 2025-06-03 9.1 Critical
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
CVE-2023-50919 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2025-06-03 9.8 Critical
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2023-49262 1 Hongdian 2 H8951-4g-esp, H8951-4g-esp Firmware 2025-06-03 9.8 Critical
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.
CVE-2023-46942 1 Evershop 1 Evershop 2025-06-03 7.5 High
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
CVE-2025-44083 1 Dlink 2 Di-8100, Di-8100 Firmware 2025-06-03 9.8 Critical
An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication
CVE-2023-34388 1 Selinc 2 Sel-451, Sel-451 Firmware 2025-06-03 6.5 Medium
AnĀ Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details.
CVE-2025-32815 1 Infoblox 1 Netmri 2025-06-03 6.5 Medium
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
CVE-2025-5149 1 Wcms 1 Wcms 2025-06-03 5.6 Medium
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6344 1 Tylertech 1 Court Case Management Plus 2025-06-03 5.3 Medium
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.
CVE-2025-5437 2025-06-02 5.3 Medium
A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-31264 1 Apple 1 Macos 2025-06-02 4.6 Medium
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
CVE-2022-34908 1 Aremis 1 Aremis 4 Nomads 2025-05-30 8.2 High
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
CVE-2024-41195 1 Ocuco 1 Innovation 2025-05-30 9.8 Critical
An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41196 1 Ocuco 1 Innovation 2025-05-30 9.8 Critical
An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41197 1 Ocuco 1 Innovation 2025-05-30 9.8 Critical
An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41198 1 Ocuco 1 Innovation 2025-05-30 9.8 Critical
An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41199 1 Ocuco 1 Innovation 2025-05-30 7.2 High
An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2023-47189 1 Wpmudev 1 Defender 2025-05-29 5.3 Medium
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.