CWE-287 vulnerabilities

1847 results
CVE-2026-30223 | HIGH | OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes | EPSS 0.3%
CVE-2025-10772 | MEDIUM | huggingface LeRobot ZeroMQ Socket lekiwi_remote.py missing authentication | EPSS 0.3%
CVE-2026-33746 | CRITICAL | Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users | EPSS 0.3%
CVE-2026-56080 | MEDIUM | Cap-go - Authentication Logic Flaw in Enforce Password Policy | EPSS 0.3%
CVE-2026-28428 | MEDIUM | Talishar: Authentication Bypass via Empty authKey Parameter Allows Unauthenticated Game Actions | EPSS 0.3%
CVE-2025-53545 | MEDIUM | Press has a potential 2FA bypass | EPSS 0.3%
CVE-2026-44196 | CRITICAL | Pingvin Share X: TOTP Authentication Bypass via Password-only Login | EPSS 0.3%
CVE-2026-49443 | HIGH | authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API | EPSS 0.3%
CVE-2025-54761 | HIGH | An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via crafted session cookie. | EPSS 0.3%
CVE-2026-48896 | HIGH | Joomla! Core - [20260511] - MFA Authentication Bypass | EPSS 0.3%
CVE-2023-29062 | LOW | Unsecure Identity Verification | EPSS 0.3%
CVE-2025-52054 | MEDIUM | An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the de | EPSS 0.3%
CVE-2024-40778 | LOW | An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPad | EPSS 0.3%
CVE-2026-41571 | CRITICAL | Note Mark: OIDC-registered users authenticated by submitting password "null" | EPSS 0.3%
CVE-2026-30836 | CRITICAL | Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) | EPSS 0.3%
CVE-2025-41108 | CRITICAL | Improper Authentication vulnerability in Ghost Robotics' Vision 60 | EPSS 0.3%
CVE-2026-56345 | CRITICAL | AVideo - Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint | EPSS 0.3%
CVE-2023-20012 | MEDIUM | Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability | EPSS 0.3%
CVE-2026-10283 | MEDIUM | Bottelet DaybydayCRM Setting missing authentication | EPSS 0.3%
CVE-2026-55666 | CRITICAL | Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth | EPSS 0.3%