CWE-287 flaws
1,843 results

CVE-2026-44058 | MEDIUM | Authentication bypass via admin auth user | EPSS 0.5%
CVE-2022-23540 | MEDIUM | jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() | EPSS 0.5%
CVE-2022-37774 | MEDIUM | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an a | EPSS 0.5%
CVE-2025-30215 | CRITICAL | NATS-Server Fails to Authorize Certain Jetstream Admin APIs | EPSS 0.5%
CVE-2024-52518 | MEDIUM | Nextcloud Server is missing password confirmation when changing external storage options | EPSS 0.5%
CVE-2024-36402 | MEDIUM | Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo | EPSS 0.5%
CVE-2024-41798 | CRITICAL | A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from admin | EPSS 0.5%
CVE-2026-30863 | CRITICAL | Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters | EPSS 0.5%
CVE-2024-10114 | HIGH | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider | EPSS 0.5%
CVE-2025-52395 | CRITICAL | An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint t | EPSS 0.5%
CVE-2023-25790 | MEDIUM | WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection | EPSS 0.5%
CVE-2023-4816 | MEDIUM | A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. | EPSS 0.5%
CVE-2025-3850 | MEDIUM | YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication | EPSS 0.5%
CVE-2025-30361 | CRITICAL | WeGIA Vulnerable to Broken Authentication - Old Password Validation | EPSS 0.5%
CVE-2023-38735 | MEDIUM | IBM Cognos Dashboards improper authentication | EPSS 0.5%
CVE-2022-0985 | — | Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary m | EPSS 0.5%
CVE-2023-25559 | HIGH | System account impersonation in DataHub | EPSS 0.5%
CVE-2023-45669 | MEDIUM | Improper signature counter value handling in webauthn4j-spring-security | EPSS 0.5%
CVE-2026-29792 | CRITICAL | Feathersjs has an OAuth Callback Account Takeover | EPSS 0.5%
CVE-2025-68717 | CRITICAL | KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints | EPSS 0.5%