VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 42 of 121
  • CVE-2025-15458HigJan 5, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The…

  • CVE-2025-15457HigJan 5, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the…

  • CVE-2025-15456HigJan 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The…

  • CVE-2025-15097HigDec 26, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and…

  • CVE-2025-14097HigDec 17, 2025
    risk 0.47cvss 7.2epss 0.00

    A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information…

  • CVE-2025-11661HigOct 13, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has…

  • CVE-2025-11287HigOct 5, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is…

  • CVE-2025-8838HigAug 11, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication.…

  • CVE-2025-8348HigJul 31, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2025-7115HigJul 7, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The…

  • CVE-2025-7114HigJul 7, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The…

  • CVE-2025-5985HigJun 10, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to…

  • CVE-2025-5906HigJun 10, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the…

  • CVE-2025-5870HigJun 9, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack…

  • CVE-2025-5247HigMay 27, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability, which was classified as critical, has been found in Gowabby HFish 0.1. This issue affects the function LoadUrl of the file \view\url.go. The manipulation of the argument r leads to improper authentication. The attack may be initiated remotely. The exploit has…

  • CVE-2025-2388HigMar 17, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Keytop 路内停车收费系统 2.7.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saas/commonApi/park/getParks of the component API. The manipulation leads to improper authentication. The…

  • CVE-2024-45750HigSep 25, 2024
    risk 0.47cvss 7.3epss 0.01

    An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and…

  • CVE-2022-4001HigJul 31, 2024
    risk 0.47cvss 7.3epss 0.00

    An authentication bypass vulnerability could allow an attacker to access API functions without authentication.

  • CVE-2024-37408HigJun 8, 2024
    risk 0.47cvss 7.3epss 0.00

    fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to…

  • CVE-2023-36815HigJul 3, 2023
    risk 0.47cvss 7.3epss 0.01

    Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the…