Weaknesses of type CWE-287

1,849 results
CVE-2025-54154 | MEDIUM | QNAP Authenticator | EPSS 0.2%
CVE-2025-6083 | MEDIUM | ExtremeCloud Universal ZTNA Improper Authorization | EPSS 0.2%
CVE-2026-11718 | CRITICAL | An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. | EPSS 0.2%
CVE-2022-22283 | LOW | Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | EPSS 0.2%
CVE-2024-6174 | HIGH | When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init d | EPSS 0.2%
CVE-2025-0981 | HIGH | Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field | EPSS 0.2%
CVE-2025-67859 | MEDIUM | Polkit Authorization Check can be Bypassed in the TLP power daemon | EPSS 0.2%
CVE-2025-0672 | LOW | Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association | EPSS 0.2%
CVE-2025-53013 | MEDIUM | Himmelblau offline auth permits authentication with invalid Hello PIN | EPSS 0.2%
CVE-2023-0209 | HIGH | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may | EPSS 0.2%
CVE-2025-29906 | HIGH | Finit bundled getty can bypass /bin/login | EPSS 0.2%
CVE-2023-32661 | MEDIUM | Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version | EPSS 0.2%
CVE-2022-28790 | MEDIUM | Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper calle | EPSS 0.2%
CVE-2022-47974 | MEDIUM | The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Blue | EPSS 0.2%
CVE-2026-6729 | MEDIUM | HKUDS OpenHarness Session Key Collision Privilege Escalation | EPSS 0.2%
CVE-2022-48314 | MEDIUM | The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerab | EPSS 0.2%
CVE-2023-2638 | MEDIUM | Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack | EPSS 0.2%
CVE-2025-25451 | MEDIUM | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_aut | EPSS 0.2%
CVE-2026-11717 | CRITICAL | An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. | EPSS 0.2%
CVE-2022-34380 | CRITICAL | Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high priv | EPSS 0.2%