Falhas do tipo CWE-287
1.853 resultadosCVE-2022-30749LOWImproper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing EPSS 0.2%CVE-2023-28073HIGH
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerabilEPSS 0.2%CVE-2022-33862MEDIUMImproper access control mechanism in IPPEPSS 0.2%CVE-2021-33159HIGHImproper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may alEPSS 0.2%CVE-2022-2752MEDIUMPotential vulnerabilities in GM login processEPSS 0.2%CVE-2022-45118MEDIUMTelephony in communication subsystem sends public events with personal data, but the permission is not set.EPSS 0.2%CVE-2022-42488HIGHStartup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.EPSS 0.2%CVE-2024-12310HIGHBypass of Login Screen on Shared Kiosk WorkstationsEPSS 0.2%CVE-2022-37931HIGHA vulnerability in NetBatch-Plus software allows unauthorized access to the applicationEPSS 0.2%CVE-2025-46590MEDIUMBypass vulnerability in the network search instruction authentication module
Impact: Successful exploitation of this vulnerability can bypasEPSS 0.2%CVE-2025-0217HIGHPrivileged Remote Access Authentication BypassEPSS 0.2%CVE-2026-49848MEDIUMFreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`EPSS 0.2%CVE-2023-31292MEDIUMAn issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive informaEPSS 0.2%CVE-2025-68931HIGHJervis has AES CBC Mode Without AuthenticationEPSS 0.2%CVE-2026-47202CRITICALKavita: Pre-Auth Account TakeoverEPSS 0.2%CVE-2022-45877HIGHPIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.EPSS 0.2%CVE-2022-43900MEDIUMIBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypassEPSS 0.2%CVE-2026-49203HIGHUnauthenticated eSIM Configuration ManipulationEPSS 0.2%CVE-2026-4829MEDIUMImproper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user tEPSS 0.2%CVE-2025-41459HIGHInsecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOSEPSS 0.2%