Weaknesses of type CWE-287
1,839 resultsCVE-2025-21349MEDIUMWindows Remote Desktop Configuration Service Tampering VulnerabilityEPSS 1.1%CVE-2021-21308MEDIUMImproper session management for soft logoutEPSS 1.0%CVE-2022-25027HIGHThe Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricEPSS 1.0%CVE-2023-41264CRITICALNetwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, lEPSS 1.0%CVE-2022-20733MEDIUMCisco Identity Services Engine Authentication Bypass VulnerabilityEPSS 1.0%CVE-2022-38119CRITICALPOWERCOM CO., LTD. UPSMON PRO - Broken AuthenticationEPSS 1.0%CVE-2026-23906CRITICALApache Druid: Authentication Bypass via LDAP Anonymous BindEPSS 1.0%CVE-2022-45174CRITICALAn issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under thEPSS 1.0%CVE-2022-45173CRITICALAn issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskEPSS 1.0%CVE-2021-32794MEDIUMAccidental removal of IPCPassword (< 5.1.2.4)EPSS 1.0%CVE-2025-64513CRITICALMilvus Proxy has Critical Authentication Bypass VulnerabilityEPSS 1.0%CVE-2020-16102HIGHImproper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invaEPSS 1.0%CVE-2020-8148—UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicEPSS 1.0%CVE-2022-24738HIGHAccount compromise in EvmosEPSS 1.0%CVE-2023-2586CRITICAL
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices EPSS 1.0%CVE-2023-37471CRITICALUser impersonation using SAMLv1.x SSO in Open Access Management EPSS 1.0%CVE-2023-27582CRITICALFull authentication bypass if SASL authorization username is specifiedEPSS 1.0%CVE-2022-40602CRITICALA flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an imprEPSS 1.0%CVE-2016-0796—WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and EPSS 1.0%CVE-2022-44244MEDIUMAn authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.EPSS 1.0%