Vulnerabilities of type CWE-287
1,843 results

- CVE-2019-13423 (—, EPSS 0.7%): Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as k
- CVE-2022-45724 (MEDIUM, EPSS 0.7%): Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an
- CVE-2025-24032 (CRITICAL, EPSS 0.7%): PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)
- CVE-2023-25597 (MEDIUM, EPSS 0.7%): A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a sh
- CVE-2025-0070 (CRITICAL, EPSS 0.7%): Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
- CVE-2026-4664 (MEDIUM, EPSS 0.7%): Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter
- CVE-2025-4018 (MEDIUM, EPSS 0.7%): 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
- CVE-2020-36832 (CRITICAL, EPSS 0.7%): Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass
- CVE-2024-1610 (HIGH, EPSS 0.7%): OPPO Store app include remote account token hijacking and sensitive information leakage
- CVE-2026-3053 (MEDIUM, EPSS 0.7%): DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication
- CVE-2025-4015 (MEDIUM, EPSS 0.7%): 20120630 Novel-Plus SessionController.java list missing authentication
- CVE-2022-2757 (CRITICAL, EPSS 0.7%): Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and
- CVE-2024-11494 (HIGH, EPSS 0.7%): **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_201403
- CVE-2025-7875 (MEDIUM, EPSS 0.7%): Metasoft 美特软件 MetaCRM debug.jsp improper authentication
- CVE-2025-7955 (CRITICAL, EPSS 0.7%): RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function
- CVE-2024-10097 (HIGH, EPSS 0.7%): Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider
- CVE-2023-32347 (HIGH, EPSS 0.7%): Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user
- CVE-2025-54376 (HIGH, EPSS 0.7%): Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.
- CVE-2025-9965 (CRITICAL, EPSS 0.7%): UDP Service Weak Authentication
- CVE-2026-48611 (CRITICAL, EPSS 0.7%): Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to u