Weaknesses of type CWE-287
1,841 resultsCVE-2019-5449—A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidentialEPSS 0.9%CVE-2022-34379CRITICALDell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of theEPSS 0.9%CVE-2022-39038HIGHFLOWRING Agentflow BPM - Broken Access ControlEPSS 0.9%CVE-2022-39366CRITICALDataHub missing JWT signature checkEPSS 0.9%CVE-2022-2336CRITICALSofting Secure Integration Server Improper AuthenticationEPSS 0.9%CVE-2023-4562CRITICALInformation Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main moduleEPSS 0.9%CVE-2022-21695MEDIUMImproper Access Control in OnionshareEPSS 0.8%CVE-2023-39349HIGHSentry vulnerable to privilege escalation via ApiTokensEndpointEPSS 0.8%CVE-2020-5148—SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potenEPSS 0.8%CVE-2021-28494CRITICALIn Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication iEPSS 0.8%CVE-2022-2765MEDIUMSourceCodester Company Website CMS settings improper authenticationEPSS 0.8%CVE-2022-46170HIGHCodeIgniter is vulnerable to improper authentication via Session HandlersEPSS 0.8%CVE-2025-2339MEDIUMotale Tale Blog logs improper authenticationEPSS 0.8%CVE-2021-41311HIGHAffected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access rEPSS 0.8%CVE-2024-1735CRITICALA vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentEPSS 0.8%CVE-2022-2572CRITICALIn affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keysEPSS 0.8%CVE-2025-27641CRITICALVasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-SigEPSS 0.8%CVE-2022-22730CRITICALImproper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to poteEPSS 0.8%CVE-2022-38336HIGHAn access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without aEPSS 0.8%CVE-2025-34186CRITICALIlevia EVE X1/X5 Server 4.7.18.0.eden Authentication BypassEPSS 0.8%