This page collects WhisperX intelligence signals tagged #CWE-287. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw has been identified in the Tailscale macOS application, exposing an internal XPC service to any local program. The service, named "Downloader," lacks the mandatory `SMAuthorizedClients` validation, effectively removing the authentication barrier. This omission allows any application running on ...
A critical authentication vulnerability has been identified in socfortress CoPilot, affecting all versions prior to 0.1.57. The flaw, tracked as CVE-2026-42869 and classified under CWE-287 (Improper Authentication), stems from a hardcoded JWT secret embedded within the software. This weakness allows remote attackers to...
A critical improper authentication vulnerability has been identified in ChurchCRM, an open-source church management software platform. Tracked as CVE-2026-44547 and classified as CWE-287, the flaw carries a CVSS score of 9.6, placing it in the critical severity range. The vulnerability affects versions 7.2.0 through 7....