Weaknesses of type CWE-287
1,848 results

CVE-2025-25450 | MEDIUM | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the ac | EPSS 0.3%
CVE-2025-25452 | MEDIUM | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint | EPSS 0.3%
CVE-2023-52210 | MEDIUM | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-46827 | HIGH | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affec | EPSS 0.3%
CVE-2026-30851 | HIGH | Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation | EPSS 0.2%
CVE-2024-38426 | MEDIUM | Improper Authentication in Modem | EPSS 0.2%
CVE-2024-21635 | HIGH | Memos Access Tokens Stay Valid after User Password Change | EPSS 0.2%
CVE-2026-33124 | HIGH | Frigate has insecure password change functionality | EPSS 0.2%
CVE-2026-44166 | MEDIUM | Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade | EPSS 0.2%
CVE-2020-12035 | — | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provide | EPSS 0.2%
CVE-2026-52845 | HIGH | Caddy: FastCGI header normalization bypass in `forward_auth copy_headers` | EPSS 0.2%
CVE-2024-13309 | MEDIUM | Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073 | EPSS 0.2%
CVE-2025-48746 | MEDIUM | Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Crit | EPSS 0.2%
CVE-2026-45567 | HIGH | Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt | EPSS 0.2%
CVE-2026-56223 | CRITICAL | Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user | EPSS 0.2%
CVE-2026-55759 | HIGH | Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay | EPSS 0.2%
CVE-2024-24554 | MEDIUM | Bludit - Insecure Token Generation | EPSS 0.2%
CVE-2021-3458 | MEDIUM | The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. | EPSS 0.2%
CVE-2022-39901 | MEDIUM | Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption | EPSS 0.2%
CVE-2026-34873 | CRITICAL | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. | EPSS 0.2%