CWE-287 type flaws

1853 results
CVE-2026-45289 | MEDIUM | CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens | EPSS 0.1%
CVE-2026-39969 | MEDIUM | TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification | EPSS 0.1%
CVE-2022-41737 | HIGH | IBM Spectrum Scale security bypass | EPSS 0.1%
CVE-2025-32875 | MEDIUM | An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced | EPSS 0.1%
CVE-2022-48305 | MEDIUM | There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of t | EPSS 0.1%
CVE-2019-6197 | HIGH | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | EPSS 0.1%
CVE-2019-6198 | HIGH | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | EPSS 0.1%
CVE-2025-68712 | MEDIUM | SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authenti | EPSS 0.1%
CVE-2026-49454 | CRITICAL | Relyra SAML SignatureValue not cryptographically verified -> authentication bypass | EPSS 0.1%
CVE-2025-25201 | MEDIUM | Improper Validation of Admin Key in PIV Smartcard | EPSS 0.1%
CVE-2023-41751 | MEDIUM | Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) b | EPSS 0.1%
CVE-2024-38825 | MEDIUM | CVE-2024-38825 Salt Advisory | EPSS 0.1%
CVE-2025-48909 | HIGH | Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiali | EPSS 0.1%
CVE-2025-64432 | MEDIUM | KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer | EPSS 0.1%
CVE-2026-48991 | MEDIUM | XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation | EPSS 0.1%
CVE-2025-53169 | HIGH | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this | EPSS 0.1%
CVE-2026-40109 | LOW | Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering | EPSS 0.1%
CVE-2026-39411 | MEDIUM | LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header | EPSS 0.1%
CVE-2022-41590 | MEDIUM | Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful expl | EPSS 0.1%
CVE-2023-24852 | HIGH | Improper Authentication in Core | EPSS 0.1%