Vulnerabilities of type CWE-287

1841 results
CVE-2025-45777 | CRITICAL | An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication via sup | EPSS 0.7%
CVE-2024-1147 | CRITICAL | Weak Access Control - Arbitrary file download | EPSS 0.7%
CVE-2023-51477 | CRITICAL | WordPress BuddyBoss Theme theme <= 2.4.60 - Unauth. Arbitrary WordPress Settings Change vulnerability | EPSS 0.7%
CVE-2024-1148 | CRITICAL | Weak Access Control - Arbitrary file upload | EPSS 0.7%
CVE-2023-51478 | CRITICAL | WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability | EPSS 0.7%
CVE-2023-3337 | HIGH | PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication | EPSS 0.7%
CVE-2025-60534 | CRITICAL | Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests i | EPSS 0.7%
CVE-2026-49869 | CRITICAL | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` | EPSS 0.7%
CVE-2023-51442 | HIGH | Authentication bypass vulnerability in navidrome's subsonic endpoint | EPSS 0.7%
CVE-2023-23460 | CRITICAL | Priority Web – Authentication bypass | EPSS 0.7%
CVE-2022-36133 | CRITICAL | The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | EPSS 0.7%
CVE-2022-48364 | MEDIUM | The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server' | EPSS 0.7%
CVE-2025-14567 | MEDIUM | haxxorsid Stock-Management-System employees missing authentication | EPSS 0.7%
CVE-2024-27767 | CRITICAL | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-287: Improper Authentication | EPSS 0.7%
CVE-2024-47080 | HIGH | matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver | EPSS 0.7%
CVE-2024-22206 | CRITICAL | @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) | EPSS 0.7%
CVE-2023-43793 | HIGH | Misskey allows users to bypass authentication of Bull dashboard | EPSS 0.7%
CVE-2025-60424 | HIGH | A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication v | EPSS 0.7%
CVE-2023-22497 | MEDIUM | Netdata is vulnerable to improper authentication | EPSS 0.7%
CVE-2026-25893 | CRITICAL | FUXA Unauthenticated Remote Code Execution via Admin JWT Minting | EPSS 0.7%