Flaws of type CWE-287
1844 results

CVE-2026-41428 | CRITICAL | EPSS 0.4% | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
CVE-2024-5012 | HIGH | EPSS 0.4% | WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
CVE-2024-45346 | HIGH | EPSS 0.4% | GetApps application has code execution vulnerability
CVE-2025-27403 | HIGH | EPSS 0.4% | Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
CVE-2023-50127 | MEDIUM | EPSS 0.4% | Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from
CVE-2026-25804 | HIGH | EPSS 0.4% | Antrea has invalid enforcement order for network policy rules caused by integer overflow
CVE-2026-34072 | HIGH | EPSS 0.4% | cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
CVE-2026-24038 | HIGH | EPSS 0.4% | Horilla HR has 2FA Bypass through its OTP Handling Logic
CVE-2025-49591 | HIGH | EPSS 0.4% | CryptPad 2FA Bypass Vulnerability
CVE-2021-4314 | MEDIUM | EPSS 0.4% | It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. Thi
CVE-2025-0637 | CRITICAL | EPSS 0.4% | Inadequate access control in Beta10
CVE-2025-14002 | HIGH | EPSS 0.4% | WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP
CVE-2026-42869 | CRITICAL | EPSS 0.4% | SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools
CVE-2025-53845 | MEDIUM | EPSS 0.4% | An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthen
CVE-2020-5224 | MEDIUM | EPSS 0.4% | Session key exposure through session list in Django User Sessions
CVE-2026-33175 | HIGH | EPSS 0.4% | OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
CVE-2026-41070 | CRITICAL | EPSS 0.4% | openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access
CVE-2021-25424 | — | EPSS 0.4% | Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take ov
CVE-2025-22375 | CRITICAL | EPSS 0.4% | Authentication Bypass in CyberAudit-Web
CVE-2024-34093 | MEDIUM | EPSS 0.4% | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated att