VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 41 of 121
  • CVE-2026-7022HigApr 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument…

  • CVE-2026-6582HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing…

  • CVE-2026-6577HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The…

  • CVE-2026-6569HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be…

  • CVE-2026-6126HigApr 12, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-5676HigApr 6, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is…

  • CVE-2026-5632HigApr 6, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made…

  • CVE-2026-5570HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly…

  • CVE-2026-5320HigApr 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated…

  • CVE-2026-34072HigApr 1, 2026
    risk 0.47cvss 8.3epss 0.00

    Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated…

  • CVE-2026-5000HigMar 28, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing…

  • CVE-2026-4959HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing…

  • CVE-2026-4562HigMar 23, 2026
    risk 0.47cvss 7.3epss 0.01

    A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The…

  • CVE-2026-3794HigMar 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is…

  • CVE-2026-3053HigFeb 24, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It…

  • CVE-2025-10463HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse. This issue affects Senseway: through 09022026.  NOTE: Because the product was developed using outdated technology, the manufacturer is…

  • CVE-2026-2165HigFeb 8, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication.…

  • CVE-2026-1740HigFeb 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from…

  • CVE-2026-1202HigJan 20, 2026
    risk 0.47cvss 7.3epss 0.01

    A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to…

  • CVE-2026-0589HigJan 5, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made…