Weaknesses of type CWE-303
86 results

CVE-2024-8314 | MEDIUM | Improper session handling in B&R APROL | EPSS 0.3%
CVE-2025-43727 | HIGH | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releas | EPSS 0.3%
CVE-2025-43856 | HIGH | immich allows account hijacking through oauth2 | EPSS 0.3%
CVE-2025-53782 | HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability | EPSS 0.3%
CVE-2023-5627 | HIGH | Incorrect Implementation of Authentication Algorithm Vulnerability | EPSS 0.3%
CVE-2025-12421 | CRITICAL | Account Takeover via Code Exchange Endpoint | EPSS 0.3%
CVE-2025-12419 | CRITICAL | Account takeover on OAuth/OpenID-enabled servers | EPSS 0.3%
CVE-2026-8922 | MEDIUM | Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services | EPSS 0.3%
CVE-2023-4641 | MEDIUM | Shadow-utils: possible password leak during passwd(1) change | EPSS 0.3%
CVE-2025-44557 | HIGH | A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing proces | EPSS 0.3%
CVE-2024-34722 | HIGH | In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a pro | EPSS 0.3%
CVE-2019-25436 | MEDIUM | Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass | EPSS 0.2%
CVE-2026-32953 | MEDIUM | Tillitis: TKey Client has an Error in Protocol Implementation | EPSS 0.2%
CVE-2025-4676 | HIGH | Authentication bypass by brute forcing Authentication Headers | EPSS 0.2%
CVE-2025-8881 | MEDIUM | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engag | EPSS 0.2%
CVE-2025-14273 | HIGH | Mattermost Jira plugin user spoofing enables Jira request forgery. | EPSS 0.2%
CVE-2024-52586 | MEDIUM | eLabFTW MFA bypass | EPSS 0.2%
CVE-2024-36250 | LOW | MFA Code Replay | EPSS 0.2%
CVE-2025-48994 | MEDIUM | SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack | EPSS 0.2%
CVE-2025-2475 | MEDIUM | Unauthorized Bot Login Using Credentials | EPSS 0.2%