Weaknesses of type CWE-287
1,853 resultsCVE-2026-4829MEDIUMImproper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user tEPSS 0.2%CVE-2026-25922HIGHauthentik has a Signature Verification Bypass via SAML Assertion WrappingEPSS 0.2%CVE-2026-44711HIGHpam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruptionEPSS 0.2%CVE-2026-56294MEDIUMcapacitor-native-biometric - Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceededEPSS 0.2%CVE-2022-26858MEDIUMDell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vEPSS 0.2%CVE-2025-64434MEDIUMKubeVirt Improper TLS Certificate Management Handling Allows API Identity SpoofingEPSS 0.2%CVE-2024-4601MEDIUMImproper Authentication vulnerability in Socomec Net VisionEPSS 0.2%CVE-2021-3784MEDIUMGaruda Linux Improper AuthorizationEPSS 0.2%CVE-2025-37731MEDIUMElasticsearch Improper AuthenticationEPSS 0.2%CVE-2021-25430—Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the BEPSS 0.2%CVE-2024-9133MEDIUMA user with administrator privileges is able to retrieve authentication tokensEPSS 0.2%CVE-2023-21460MEDIUMImproper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.EPSS 0.2%CVE-2024-36266HIGHA vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authenEPSS 0.2%CVE-2022-37345HIGHImproper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentiallyEPSS 0.2%CVE-2025-64517MEDIUMsudo-rs doesn't record authenticating user properly in timestampEPSS 0.2%CVE-2026-45153MEDIUMNextcloud: PIN bypass in PassCodeActivity via back buttonEPSS 0.2%CVE-2022-36370HIGHImproper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged uEPSS 0.2%CVE-2022-48575LOWA person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issueEPSS 0.2%CVE-2026-12112HIGHForeman-mcp-server: mcp server: active session hijacking via insecure session state reuseEPSS 0.2%CVE-2023-21437MEDIUMImproper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive informEPSS 0.2%