Weaknesses of type CWE-287
1,849 results

CVE | Severity | Description | EPSS
CVE-2025-65925 | MEDIUM | An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without | EPSS 0.2%
CVE-2023-31189 | MEDIUM | Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable e | EPSS 0.2%
CVE-2026-28800 | MEDIUM | Natro Macro: Malicious actions allowed through Discord RC Commands by any user | EPSS 0.2%
CVE-2022-48254 | MEDIUM | There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication. | EPSS 0.2%
CVE-2021-28493 | HIGH | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be ab | EPSS 0.2%
CVE-2023-32453 | MEDIUM | Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit th | EPSS 0.2%
CVE-2026-48897 | HIGH | Joomla! Core - [20260512] - MFA Authentication Bypass | EPSS 0.2%
CVE-2026-34736 | MEDIUM | Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API | EPSS 0.2%
CVE-2026-45283 | MEDIUM | Nextcloud: Files Lock app allows users to lock and unlock files of other users | EPSS 0.2%
CVE-2025-59704 | HIGH | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu becaus | EPSS 0.2%
CVE-2026-49502 | HIGH | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with a | EPSS 0.2%
CVE-2026-11703 | MEDIUM | Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption | EPSS 0.2%
CVE-2021-25377 | LOW | Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows att | EPSS 0.2%
CVE-2026-44547 | CRITICAL | ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2 | EPSS 0.2%
CVE-2024-39767 | MEDIUM | Spoofed push notifications from malicious server | EPSS 0.2%
CVE-2026-44720 | MEDIUM | OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover | EPSS 0.2%
CVE-2023-20924 | MEDIUM | In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of pr | EPSS 0.2%
CVE-2025-54154 | MEDIUM | QNAP Authenticator | EPSS 0.2%
CVE-2026-31946 | CRITICAL | OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow | EPSS 0.2%
CVE-2024-6174 | HIGH | When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init d | EPSS 0.2%