Weaknesses of type CWE-287
1,825 resultsCVE-2023-35078CRITICALAn authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the appliEPSS 100.0%KEVCVE-2017-7921CRITICALAn Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I EPSS 100.0%KEVCVE-2024-7593CRITICALIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated aEPSS 100.0%KEVCVE-2022-40684CRITICALAn authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.EPSS 100.0%KEVCVE-2020-0688HIGHA remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, akEPSS 100.0%KEVCVE-2025-53771MEDIUMMicrosoft SharePoint Server Spoofing VulnerabilityEPSS 99.9%CVE-2021-39226CRITICALSnapshot authentication bypass in grafanaEPSS 99.9%KEVCVE-2025-49706MEDIUMMicrosoft SharePoint Server Spoofing VulnerabilityEPSS 99.9%KEVCVE-2021-33044CRITICALThe identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identityEPSS 99.9%KEVCVE-2025-61882CRITICALVulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versiEPSS 99.7%KEVCVE-2021-33045CRITICALThe identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identityEPSS 99.6%KEVCVE-2021-32030CRITICALThe administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authenticatioEPSS 99.4%KEVCVE-2025-61884HIGHVulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected aEPSS 97.6%KEVCVE-2024-53704HIGHAn Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.EPSS 95.1%KEVCVE-2013-0625CRITICALAdobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly exeEPSS 93.8%KEVCVE-2018-10561CRITICALAn issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the EPSS 93.3%KEVCVE-2024-45216CRITICALApache Solr: Authentication bypass possible using a fake URL Path endingEPSS 90.7%CVE-2021-32648HIGHAccount Takeover in OctobercmsEPSS 90.4%KEVCVE-2022-0540CRITICALA vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP requesEPSS 88.3%CVE-2026-20182CRITICALCisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityEPSS 87.7%KEV