Falhas do tipo CWE-287
1.838 resultadosCVE-2018-10682CRITICALAn issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without EPSS 8.2%CVE-2012-6440MEDIUMRockwell Automation ControlLogix PLC Improper Input ValidationEPSS 8.1%CVE-2025-59934CRITICALFormbricks missing JWT signature verificationEPSS 8.0%CVE-2018-7532—Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IPEPSS 7.9%CVE-2018-14826—Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with EPSS 7.7%CVE-2021-24527—Profile Builder < 3.4.9 - Admin Access via Password ResetEPSS 7.7%CVE-2024-5805CRITICALMOVEit Gateway Authentication Bypass VulnerabilityEPSS 7.6%CVE-2025-53786HIGHMicrosoft Exchange Server Hybrid Deployment Elevation of Privilege VulnerabilityEPSS 7.4%CVE-2021-4073CRITICALRegistrationMagic <= 5.0.1.7 Authentication BypassEPSS 7.0%CVE-2026-41276HIGHFlowise: AccountService resetPassword Authentication Bypass VulnerabilityEPSS 6.9%CVE-2017-12337—A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could aEPSS 6.4%CVE-2025-63207CRITICALThe R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentEPSS 6.2%CVE-2020-12145MEDIUMSilver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers.EPSS 6.0%CVE-2023-37266CRITICALWeak json web token (JWT) secrets in CasaOSEPSS 5.9%CVE-2022-0715HIGHA CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a keEPSS 5.8%CVE-2025-10365CRITICALAuthentication Bypass in Evertz SDVNEPSS 5.8%CVE-2021-21513HIGHDell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configEPSS 5.7%CVE-2022-0492HIGHA vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certaEPSS 5.5%KEVCVE-2017-6747—A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypaEPSS 5.5%CVE-2021-42949CRITICALThe component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackEPSS 5.5%