Falhas do tipo CWE-287
1.841 resultadosCVE-2023-21817HIGHWindows Kerberos Elevation of Privilege VulnerabilityEPSS 0.8%CVE-2022-35135HIGHBoodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>.EPSS 0.8%CVE-2023-29463HIGHPavilion8 Security Misconfiguration VulnerabilityEPSS 0.8%CVE-2024-1817HIGHDemososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authenticationEPSS 0.8%CVE-2021-3424—A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can registeEPSS 0.8%CVE-2022-22289MEDIUMImproper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.EPSS 0.8%CVE-2022-21692MEDIUMImproper Access Control in OnionshareEPSS 0.8%CVE-2024-11015CRITICALSign In With Google <= 1.8.0 - Authentication Bypass in authenticate_userEPSS 0.8%CVE-2024-7012CRITICALPuppet-foreman: an authentication bypass vulnerability exists in foremanEPSS 0.8%CVE-2023-5329MEDIUMField Logic DataCube4 Web API improper authenticationEPSS 0.8%CVE-2022-3465HIGHMediabridge Medialink index.asp improper authenticationEPSS 0.8%CVE-2019-15620—Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another sharedEPSS 0.8%CVE-2022-37397HIGHThe software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active DirectoryEPSS 0.8%CVE-2022-39355CRITICALDiscourse Patreon vulnerable to improper validation of email during Patreon authenticationEPSS 0.8%CVE-2018-17928—The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing thEPSS 0.8%CVE-2024-7401HIGHClient Enrollment Process BypassEPSS 0.8%CVE-2024-38139HIGHMicrosoft Dataverse Elevation of Privilege VulnerabilityEPSS 0.8%CVE-2022-44569HIGHA locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.EPSS 0.8%CVE-2021-32543MEDIUMSysJust CTS Web - Broken AuthenticationEPSS 0.8%CVE-2022-39184CRITICALEXFO - BV-10 Performance Endpoint Unit Authentication bypassEPSS 0.8%