Weaknesses of type CWE-287

1,853 results
CVE-2023-24852HIGHImproper Authentication in CoreEPSS 0.1%CVE-2025-6723MEDIUMUntrusted user data can lead to privilege escalationEPSS 0.1%CVE-2026-47272HIGHpam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG bufferEPSS 0.1%CVE-2023-21471MEDIUMImproper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system pEPSS 0.1%CVE-2020-9250LOWThere is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software pacEPSS 0.1%CVE-2026-47838MEDIUMUnauthorized User Impersonation when Using X.509 Client CertificatesEPSS 0.1%CVE-2025-6044MEDIUMAn Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices aEPSS 0.1%CVE-2021-25347MEDIUMHijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the providerEPSS 0.1%CVE-2026-20655MEDIUMAn authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOEPSS 0.1%CVE-2022-25832MEDIUMImproper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app withouEPSS 0.1%CVE-2021-25389LOWImproper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.EPSS 0.1%CVE-2024-40653HIGHIn multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a loEPSS 0.1%CVE-2024-42038HIGHVulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect serviceEPSS 0.1%CVE-2018-11952HIGHImproper Authentication in TrustZoneEPSS 0.1%CVE-2023-2626HIGHAuthentication Bypass in OpenThread Boarder Router devicesEPSS 0.1%CVE-2022-25816MEDIUMImproper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable withoEPSS 0.1%CVE-2022-25833LOWImproper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permiEPSS 0.1%CVE-2021-25484MEDIUMImproper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.EPSS 0.1%CVE-2025-10684MEDIUMConstruction Light < 1.6.8 - Subscriber+ Arbitrary Plugin ActivationEPSS 0.1%CVE-2022-25817MEDIUMImproper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.EPSS 0.1%