Weaknesses of type CWE-287

1,853 results
CVE-2023-31015MEDIUMNVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful EPSS 0.2%CVE-2022-30749LOWImproper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing EPSS 0.2%CVE-2022-33862MEDIUMImproper access control mechanism in IPPEPSS 0.2%CVE-2021-33159HIGHImproper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may alEPSS 0.2%CVE-2022-2752MEDIUMPotential vulnerabilities in GM login processEPSS 0.2%CVE-2022-42488HIGHStartup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.EPSS 0.2%CVE-2022-45118MEDIUMTelephony in communication subsystem sends public events with personal data, but the permission is not set.EPSS 0.2%CVE-2025-46590MEDIUMBypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypasEPSS 0.2%CVE-2024-12310HIGHBypass of Login Screen on Shared Kiosk WorkstationsEPSS 0.2%CVE-2022-37931HIGHA vulnerability in NetBatch-Plus software allows unauthorized access to the applicationEPSS 0.2%CVE-2025-0217HIGHPrivileged Remote Access Authentication BypassEPSS 0.2%CVE-2026-49848MEDIUMFreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`EPSS 0.2%CVE-2025-68931HIGHJervis has AES CBC Mode Without AuthenticationEPSS 0.2%CVE-2023-31292MEDIUMAn issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive informaEPSS 0.2%CVE-2026-47202CRITICALKavita: Pre-Auth Account TakeoverEPSS 0.2%CVE-2022-45877HIGHPIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.EPSS 0.2%CVE-2022-43900MEDIUMIBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypassEPSS 0.2%CVE-2026-49203HIGHUnauthenticated eSIM Configuration ManipulationEPSS 0.2%CVE-2019-6854A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases EPSS 0.2%CVE-2026-4829MEDIUMImproper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user tEPSS 0.2%