Weaknesses of type CWE-287

1,847 results
CVE-2026-44961 | NONE | The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernam | EPSS 0.3%
CVE-2022-40966 | HIGH | Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and acce | EPSS 0.3%
CVE-2025-69822 | HIGH | An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate priv | EPSS 0.3%
CVE-2026-10845 | HIGH | IBM WebSphere Application Server is affected by an authentication bypass vulnerability | EPSS 0.3%
CVE-2025-10293 | HIGH | Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2024-3826 | HIGH | Broken SAML Validation | EPSS 0.3%
CVE-2026-54089 | CRITICAL | File Browser: Authentication Bypass via Proxy Auth Header Forgery | EPSS 0.3%
CVE-2025-64103 | HIGH | Zitadel Bypass Second Authentication Factor | EPSS 0.3%
CVE-2025-45583 | CRITICAL | Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the servic | EPSS 0.3%
CVE-2024-5174 | MEDIUM | Broken Authentication in Gliffy | EPSS 0.3%
CVE-2022-25667 | HIGH | Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking | EPSS 0.3%
CVE-2022-46774 | MEDIUM | IBM Manage Application security bypass | EPSS 0.3%
CVE-2026-30967 | HIGH | Parse Server OAuth2 authentication adapter account takeover via identity spoofing | EPSS 0.3%
CVE-2025-6505 | HIGH | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux | EPSS 0.3%
CVE-2026-30831 | HIGH | Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer | EPSS 0.3%
CVE-2024-56335 | HIGH | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | EPSS 0.3%
CVE-2025-7699 | HIGH | An improper access control vulnerability was found in the EZ Sync Manager of ADM | EPSS 0.3%
CVE-2026-49197 | CRITICAL | Predator Connect W6x: Improper Authentication | EPSS 0.3%
CVE-2024-28188 | MEDIUM | jupyter-scheduler's endpoint is missing authentication | EPSS 0.3%
CVE-2018-19937 | MEDIUM | A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turni | EPSS 0.3%