CWE-287 vulnerabilities

1,846 results
CVE-2026-5616 | MEDIUM | JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication | EPSS 0.4%
CVE-2026-10167 | MEDIUM | OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication | EPSS 0.4%
CVE-2025-15581 | MEDIUM | Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. | EPSS 0.4%
CVE-2022-39238 | MEDIUM | Improper Authentication in Arvados when using PAM as identity provider | EPSS 0.4%
CVE-2026-1305 | MEDIUM | Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation | EPSS 0.4%
CVE-2026-4349 | MEDIUM | Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication | EPSS 0.4%
CVE-2025-62349 | HIGH | Salt Master authentication protocol downgrade may enable minion impersonation | EPSS 0.4%
CVE-2025-57278 | HIGH | The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handlin | EPSS 0.4%
CVE-2024-23767 | HIGH | An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's | EPSS 0.4%
CVE-2026-32305 | HIGH | Traefik mTLS bypass via fragmented ClientHello SNI extraction failure | EPSS 0.4%
CVE-2026-5676 | MEDIUM | Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication | EPSS 0.4%
CVE-2026-10777 | MEDIUM | ealpha072 Student-Management-System Administrative Backend config.php improper authentication | EPSS 0.4%
CVE-2023-48747 | MEDIUM | WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability | EPSS 0.4%
CVE-2025-52553 | MEDIUM | authentik has Insufficient Session verification for Remote Access Control endpoint access | EPSS 0.4%
CVE-2026-7710 | MEDIUM | YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication | EPSS 0.4%
CVE-2026-8214 | MEDIUM | Industrial Application Software IAS Canias ERP RMI doAction improper authentication | EPSS 0.4%
CVE-2026-8244 | MEDIUM | Industrial Application Software IAS Canias ERP Login RMI improper authentication | EPSS 0.4%
CVE-2026-46921 | HIGH | Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that | EPSS 0.4%
CVE-2024-50641 | HIGH | An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API | EPSS 0.4%
CVE-2023-40020 | CRITICAL | Improper Authentication in PrivateUploader | EPSS 0.4%