Weaknesses of type CWE-290

466 results
CVE-2025-66508 | MEDIUM | 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers | EPSS 0.2%
CVE-2023-5616 | MEDIUM | In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activa | EPSS 0.2%
CVE-2024-27853 | MEDIUM | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekee | EPSS 0.2%
CVE-2026-32014 | HIGH | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | EPSS 0.2%
CVE-2024-58124 | HIGH | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity | EPSS 0.2%
CVE-2024-58125 | HIGH | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity | EPSS 0.2%
CVE-2024-58126 | HIGH | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity | EPSS 0.2%
CVE-2024-58127 | HIGH | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity | EPSS 0.2%
CVE-2025-31170 | HIGH | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity | EPSS 0.2%
CVE-2023-6044 | MEDIUM | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Le | EPSS 0.2%
CVE-2026-56357 | MEDIUM | n8n - Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger | EPSS 0.2%
CVE-2024-36557 | MEDIUM | The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call | EPSS 0.2%
CVE-2026-27478 | CRITICAL | Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation | EPSS 0.2%
CVE-2025-48906 | HIGH | Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | EPSS 0.2%
CVE-2026-7422 | HIGH | MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing | EPSS 0.2%
CVE-2025-66270 | MEDIUM | The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desk | EPSS 0.2%
CVE-2026-39309 | MEDIUM | Trilium Notes: macOS TCC Bypass via Prompt Spoofing | EPSS 0.2%
CVE-2025-36119 | HIGH | IBM i authentication bypass | EPSS 0.2%
CVE-2023-41069 | MEDIUM | This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to l | EPSS 0.2%
CVE-2026-53833 | HIGH | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command | EPSS 0.2%