Weaknesses of type CWE-287

1,849 results
CVE-2021-3519MEDIUMA vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password AtEPSS 0.2%CVE-2026-46579HIGHOpenshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontendEPSS 0.2%CVE-2024-45347CRITICALMi Connect Service APP protocol flaws lead to unauthorized accessEPSS 0.2%CVE-2023-28646MEDIUMApp lockout in nextcloud Android app can be bypassed via thirdparty appsEPSS 0.2%CVE-2024-13088MEDIUMQHoraEPSS 0.2%CVE-2022-27874MEDIUMImproper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to poteEPSS 0.2%CVE-2025-11130HIGHiHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authenticationEPSS 0.2%CVE-2026-0408MEDIUMPath traversal vulnerability in Netgear WiFi Range ExtendersEPSS 0.2%CVE-2025-7095MEDIUMComodo Internet Security Premium Update certificate validationEPSS 0.2%CVE-2025-0663MEDIUMPotential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-LoginEPSS 0.2%CVE-2026-0407MEDIUMAuthentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacksEPSS 0.2%CVE-2022-22284MEDIUMImproper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authenticationEPSS 0.2%CVE-2025-10906HIGHMagnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authenticationEPSS 0.2%CVE-2025-10672HIGHwhuan132 AIBattery com.collweb.AIBatteryHelper BatteryXPCService.swift missing authenticationEPSS 0.2%CVE-2024-52968MEDIUMAn improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty passwoEPSS 0.2%CVE-2021-25451LOWA PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.EPSS 0.2%CVE-2026-42602HIGHazureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replayEPSS 0.2%CVE-2020-36548MEDIUMGE Voluson S8 Service Browser users.cgi improper authenticationEPSS 0.2%CVE-2025-31264MEDIUMAn authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS EPSS 0.2%CVE-2025-2230HIGHPhilips Intellispace Cardiovascular (ISCV) Improper AuthenticationEPSS 0.2%