Fallos del tipo CWE-288
584 resultadosCVE-2024-9930CRITICALExtensions by HocWP Team <= 0.2.3.2 - Authentication BypassEPSS 0.5%CVE-2024-46887MEDIUMThe web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could EPSS 0.5%CVE-2025-1717HIGHLogin Me Now <= 1.7.2 - Authentication BypassEPSS 0.5%CVE-2023-39231HIGHPingFederate PingOne MFA IK Device Pairing Second Factor Authentication BypassEPSS 0.5%CVE-2024-10002HIGHRover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to AdministratorEPSS 0.5%CVE-2024-11981HIGHBillion Electric router - Authentication BypassEPSS 0.5%CVE-2025-6388CRITICALSpirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege EscalationEPSS 0.5%CVE-2025-11522CRITICALSearch & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account TakeoverEPSS 0.5%CVE-2025-9313CRITICALUnauthorized database access in Asseco mMedicaEPSS 0.5%CVE-2025-3844CRITICALPeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account TakeoverEPSS 0.5%CVE-2025-54713CRITICALWordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerabilityEPSS 0.5%CVE-2026-30079CRITICALIn OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows autEPSS 0.5%CVE-2026-27049CRITICALWordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerabilityEPSS 0.5%CVE-2024-50487CRITICALWordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerabilityEPSS 0.5%CVE-2024-50486CRITICALWordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerabilityEPSS 0.5%CVE-2024-50489CRITICALWordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerabilityEPSS 0.5%CVE-2024-49604CRITICALWordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerabilityEPSS 0.5%CVE-2025-1671CRITICALAcademist Membership <= 1.1.6 - Authentication Bypass via Account TakeoverEPSS 0.5%CVE-2024-49247CRITICALWordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerabilityEPSS 0.5%CVE-2026-2096CRITICALFlowring|Agentflow - Missing AuthenticatonEPSS 0.5%