CWE-287 vulnerabilities

1853 results
CVE-2026-11717 | CRITICAL | An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. | EPSS 0.2%
CVE-2022-34380 | CRITICAL | Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high priv | EPSS 0.2%
CVE-2023-3028 | HIGH | Improper backend communication allows access and manipulation of the telemetry data | EPSS 0.2%
CVE-2021-25506 | MEDIUM | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial o | EPSS 0.2%
CVE-2022-21794 | HIGH | Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits bef | EPSS 0.2%
CVE-2023-28377 | MEDIUM | Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an auth | EPSS 0.2%
CVE-2026-0633 | LOW | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | EPSS 0.2%
CVE-2025-52294 | MEDIUM | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen a | EPSS 0.2%
CVE-2022-43451 | HIGH | Multiple path traversal in appspawn and nwebspawn services. | EPSS 0.2%
CVE-2023-26455 | MEDIUM | RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could | EPSS 0.2%
CVE-2025-31267 | MEDIUM | An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physica | EPSS 0.2%
CVE-2026-27968 | MEDIUM | Packistry accepts expired access tokens | EPSS 0.2%
CVE-2026-48117 | MEDIUM | DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover | EPSS 0.2%
CVE-2026-34389 | MEDIUM | Fleet's user account creation via invite does not enforce invited email address | EPSS 0.2%
CVE-2023-0036 | MEDIUM | platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | EPSS 0.2%
CVE-2023-0035 | MEDIUM | softbus_client_stub in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | EPSS 0.2%
CVE-2026-33314 | MEDIUM | pyload-ng: Improper Authentication and Origin Validation Error | EPSS 0.2%
CVE-2026-9084 | MEDIUM | MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations | EPSS 0.2%
CVE-2026-4587 | MEDIUM | HybridAuth SSL Curl.php certificate validation | EPSS 0.2%
CVE-2023-28073 | HIGH | Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerabil | EPSS 0.2%