Weaknesses of type CWE-304
31 results

CVE | Severity | Description | EPSS
CVE-2026-30831 | HIGH | Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer | EPSS 0.3%
CVE-2024-20153 | HIGH | In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosu | EPSS 0.3%
CVE-2026-42452 | HIGH | Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP | EPSS 0.3%
CVE-2025-55138 | HIGH | LinkJoin through 882f196 mishandles token ownership in password reset. | EPSS 0.3%
CVE-2025-5715 | LOW | Signal App Biometric Authentication missing critical step in authentication | EPSS 0.3%
CVE-2024-52965 | MEDIUM | A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2. | EPSS 0.3%
CVE-2024-11302 | HIGH | Missing check_access in lollms_binding_infos in parisneo/lollms | EPSS 0.2%
CVE-2026-44547 | CRITICAL | ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2 | EPSS 0.2%
CVE-2025-43014 | MEDIUM | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation | EPSS 0.2%
CVE-2025-43798 | LOW | Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time passw | EPSS 0.2%
CVE-2024-12136 | MEDIUM | Improper Access Control in Elfatek Elektronics' ANKA JPD-00028 | EPSS 0.1%