Falhas do tipo CWE-288
584 resultadosCVE-2025-68620CRITICALSignal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated PollingEPSS 0.5%CVE-2024-49675HIGHWordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerabilityEPSS 0.5%CVE-2026-40621CRITICALELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated wiEPSS 0.5%CVE-2025-11621HIGHVault AWS auth method bypass due to AWS client cacheEPSS 0.5%CVE-2025-0749HIGHHomey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value CheckEPSS 0.5%CVE-2024-35124HIGHIBM OpenBMC authentication bypassEPSS 0.5%CVE-2026-12225HIGHsyracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-AgentEPSS 0.5%CVE-2025-68860CRITICALWordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerabilityEPSS 0.5%CVE-2026-3461CRITICALVisa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing EmailEPSS 0.5%CVE-2026-33843CRITICALMicrosoft Azure Active Directory B2C Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2026-27390HIGHWordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerabilityEPSS 0.5%CVE-2024-13553CRITICALSMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege EscalationEPSS 0.5%CVE-2021-41992HIGHPingID Windows Login RSA cryptographic weakness with possible offline MFA bypassEPSS 0.5%CVE-2024-10490HIGHAuthentication bypass flaw in several mapp componentsEPSS 0.5%CVE-2025-3639LOWLiferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13EPSS 0.5%CVE-2019-5453—Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protectiEPSS 0.5%CVE-2026-48020HIGHTraefik StripPrefix Route-Level Auth Bypass via Path NormalizationEPSS 0.5%CVE-2026-22205HIGHSPIP < 4.4.10 Authentication Bypass via PHP Type JugglingEPSS 0.5%CVE-2025-30184CRITICALCyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or ChannelEPSS 0.5%CVE-2024-36470HIGHIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge casesEPSS 0.5%