Weaknesses of type CWE-287

1,847 results
CVE-2026-2248CRITICALUnauthenticated Remote Root Shell Access via Web Console in METIS WICEPSS 0.5%CVE-2026-4187MEDIUMTiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authenticationEPSS 0.5%CVE-2026-2249CRITICALUnauthenticated Remote Command Execution via Web Console in METIS DFSEPSS 0.5%CVE-2025-5906MEDIUMcode-projects Laundry System data missing authenticationEPSS 0.5%CVE-2021-32738MEDIUMUtils.readChallengeTx does not verify the server account signatureEPSS 0.5%CVE-2024-41929HIGHImproper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authentEPSS 0.5%CVE-2025-64055CRITICALAn issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functionsEPSS 0.5%CVE-2024-56336CRITICALA vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FSEPSS 0.5%CVE-2024-11671MEDIUMImproper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an aEPSS 0.5%CVE-2025-27414MEDIUMMinIO SFTP authentication bypass due to improperly trusted SSH keyEPSS 0.5%CVE-2024-57432HIGHmacrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User inforEPSS 0.5%CVE-2022-3674HIGHSourceCodester Sanitization Management System missing authenticationEPSS 0.5%CVE-2025-15457MEDIUMbg5sbk MiniCMS Trash File Restore post.php improper authenticationEPSS 0.5%CVE-2025-15458MEDIUMbg5sbk MiniCMS Article post-edit.php improper authenticationEPSS 0.5%CVE-2023-32081MEDIUMVert.x STOMP server process client frames that would not send initially a connect frameEPSS 0.5%CVE-2025-9994CRITICALAmp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not require authenticationEPSS 0.5%CVE-2026-35579HIGHCoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transportsEPSS 0.5%CVE-2022-26508MEDIUMImproper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information diEPSS 0.5%CVE-2026-5959HIGHGL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authenticationEPSS 0.5%CVE-2026-46859CRITICALVulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). The supported version that is affected is 9.3.EPSS 0.5%