Weaknesses of type CWE-287

1,847 results
CVE-2018-19937 | MEDIUM | A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turni | EPSS 0.3%
CVE-2026-40177 | CRITICAL | Password bypass when 2FA is activated | EPSS 0.3%
CVE-2026-45156 | HIGH | Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC | EPSS 0.3%
CVE-2020-7323 | MEDIUM | Authentication Protection Bypass vulnerability in ENS for Windows | EPSS 0.3%
CVE-2024-57491 | HIGH | Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API w | EPSS 0.3%
CVE-2018-17923 | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may abl | EPSS 0.3%
CVE-2025-11192 | HIGH | Fabric Engine (VOSS) AutoSense Authentication Bypass | EPSS 0.3%
CVE-2025-46573 | HIGH | passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling | EPSS 0.3%
CVE-2025-67791 | CRITICAL | An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent a | EPSS 0.3%
CVE-2025-6524 | LOW | 70mai 1S Video Services improper authentication | EPSS 0.3%
CVE-2026-4582 | LOW | Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication | EPSS 0.3%
CVE-2025-47790 | MEDIUM | Nextcloud Server doesn't request second factor after session timeout | EPSS 0.3%
CVE-2026-34531 | MEDIUM | Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client | EPSS 0.3%
CVE-2025-65127 | MEDIUM | A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated at | EPSS 0.3%
CVE-2024-45042 | MEDIUM | Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials | EPSS 0.3%
CVE-2025-1231 | MEDIUM | Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user pa | EPSS 0.3%
CVE-2026-41671 | MEDIUM | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation | EPSS 0.3%
CVE-2026-7844 | MEDIUM | chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication | EPSS 0.3%
CVE-2024-41589 | HIGH | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. | EPSS 0.3%
CVE-2025-69197 | MEDIUM | Pterodactyl TOTPs can be reused during validity window | EPSS 0.3%