Fallos del tipo CWE-290
466 resultadosCVE-2019-3775HIGHUAA allows users to modify their own email addressEPSS 0.9%CVE-2024-29006CRITICALApache CloudStack: x-forwarded-for HTTP header parsed by defaultEPSS 0.9%CVE-2025-21415CRITICALAzure AI Face Service Elevation of Privilege VulnerabilityEPSS 0.9%CVE-2026-25119HIGHGogs: Authentication Bypass via Unvalidated Reverse Proxy HeadersEPSS 0.9%CVE-2023-42843HIGHAn inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS EPSS 0.9%CVE-2022-0030HIGHPAN-OS: Authentication Bypass in Web InterfaceEPSS 0.8%CVE-2024-5037HIGHOpenshift/telemeter: iss check during jwt authentication can be bypassedEPSS 0.8%CVE-2025-5605MEDIUMAuthentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information DisclosureEPSS 0.8%CVE-2023-2887CRITICALUser Authentication Bypass in CBOT's ChatbotEPSS 0.8%CVE-2024-34397MEDIUMAn issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals frEPSS 0.8%CVE-2021-20278—An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When EPSS 0.8%CVE-2020-2033MEDIUMGlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookieEPSS 0.8%CVE-2022-24858MEDIUMDefault redirect callback vulnerable to open redirectsEPSS 0.7%CVE-2024-36466HIGHUnauthenticated Zabbix frontend takeover when SSO is being usedEPSS 0.7%CVE-2023-32207HIGHA missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerabiEPSS 0.7%CVE-2024-23674CRITICALThe Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A mEPSS 0.7%CVE-2023-21794MEDIUMMicrosoft Edge (Chromium-based) Spoofing VulnerabilityEPSS 0.7%CVE-2022-4746HIGHFluentAuth < 1.0.2 - Bypass blocks by IP SpoofingEPSS 0.7%CVE-2022-3820MEDIUMAn issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not pEPSS 0.7%CVE-2023-48396CRITICALApache SeaTunnel Web: Authentication bypassEPSS 0.7%