Weaknesses of type CWE-287
1,849 results

CVE-2025-9265 | CRITICAL | API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products | EPSS 0.2%
CVE-2025-3634 | MEDIUM | Moodle: moodle allows course self-enrolment before completing mfa | EPSS 0.2%
CVE-2025-24904 | HIGH | libsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checked | EPSS 0.2%
CVE-2026-48780 | HIGH | Forem vulnerable to bypass of email address domain restrictions | EPSS 0.2%
CVE-2026-46705 | MEDIUM | russh server userauth state is not reset when authentication principal changes | EPSS 0.2%
CVE-2026-22764 | MEDIUM | Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker wit | EPSS 0.2%
CVE-2026-3194 | LOW | Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication | EPSS 0.2%
CVE-2026-32804 | HIGH | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with a | EPSS 0.2%
CVE-2022-25825 | MEDIUM | Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. | EPSS 0.2%
CVE-2022-39245 | HIGH | Mist vulnerable to user providing a Sudo binary for authentication checks | EPSS 0.2%
CVE-2021-25341 | MEDIUM | Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by | EPSS 0.2%
CVE-2021-25342 | MEDIUM | Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacki | EPSS 0.2%
CVE-2021-25343 | MEDIUM | Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0 | EPSS 0.2%
CVE-2026-54320 | HIGH | Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email | EPSS 0.2%
CVE-2025-2572 | MEDIUM | WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability | EPSS 0.2%
CVE-2024-22247 | MEDIUM | VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the | EPSS 0.2%
CVE-2025-27425 | MEDIUM | QR code user confirmation bypass with invalid protocol | EPSS 0.2%
CVE-2024-38822 | LOW | CVE-2024-38822 Salt Advisory | EPSS 0.2%
CVE-2023-42935 | MEDIUM | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be a | EPSS 0.2%
CVE-2025-0249 | LOW | HCL IEM is affected by an improper invalidation of access or JWT token vulnerability | EPSS 0.2%