Weaknesses of type CWE-290

466 results
CVE | Severity | Description | EPSS
CVE-2024-32708 | LOW | WordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability | EPSS 0.4%
CVE-2023-51542 | MEDIUM | WordPress Branda plugin <= 3.4.14 - IP Restriction Bypass vulnerability | EPSS 0.4%
CVE-2023-41134 | MEDIUM | WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability | EPSS 0.4%
CVE-2025-62235 | HIGH | Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing | EPSS 0.4%
CVE-2025-43503 | MEDIUM | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS | EPSS 0.4%
CVE-2020-7326 | MEDIUM | McAfee MAR - Improperly implemented security check | EPSS 0.4%
CVE-2025-60538 | MEDIUM | A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. | EPSS 0.4%
CVE-2024-8386 | MEDIUM | If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform | EPSS 0.4%
CVE-2024-20363 | MEDIUM | Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unaut | EPSS 0.4%
CVE-2024-7745 | MEDIUM | Multi-Factor Authentication Bypass in Progress WS_FTP Server | EPSS 0.4%
CVE-2026-22734 | HIGH | Cloud Foundry UAA SAML 2.0 Signature Bypass | EPSS 0.4%
CVE-2024-43944 | LOW | WordPress Maintenance & Coming Soon Redirect Animation plugin <= 2.3.3 - Bypass Vulnerability vulnerability | EPSS 0.4%
CVE-2024-55232 | MEDIUM | An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to | EPSS 0.4%
CVE-2025-31511 | HIGH | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Bui | EPSS 0.4%
CVE-2026-49231 | LOW | Apache APISIX: Identity spoofing issue in APISIX opa plugin | EPSS 0.4%
CVE-2024-8901 | MEDIUM | Lack of JWT issuer and signer validation | EPSS 0.4%
CVE-2023-51323 | MEDIUM | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessiv | EPSS 0.4%
CVE-2023-51321 | MEDIUM | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking Software v1.0 allows attackers to send an excessiv | EPSS 0.4%
CVE-2025-28128 | HIGH | An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request. | EPSS 0.4%
CVE-2025-56449 | HIGH | A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling | EPSS 0.4%