Falhas do tipo CWE-288
584 resultadosCVE-2024-36470HIGHIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge casesEPSS 0.5%CVE-2025-52338MEDIUMAn issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypassEPSS 0.5%CVE-2025-1315CRITICALInWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password ResetEPSS 0.5%CVE-2019-5455—Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.EPSS 0.5%CVE-2025-7642CRITICALSimpler Checkout 0.7.0 - 1.1.9 - Authentication BypassEPSS 0.5%CVE-2021-4373HIGHBetter Search <= 2.5.2 - Cross-Site Request Forgery to Settings ImportEPSS 0.5%CVE-2024-47574HIGHA authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versiEPSS 0.5%CVE-2025-8359CRITICALAdForest <= 6.0.9 - Authentication Bypass to AdminEPSS 0.5%CVE-2026-40022HIGHApache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtimeEPSS 0.5%CVE-2021-33017HIGHPhilips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or ChannelEPSS 0.5%CVE-2024-1525MEDIUMAuthentication Bypass Using an Alternate Path or Channel in GitLabEPSS 0.5%CVE-2025-6688CRITICALSimple Payment 1.3.6 - 2.3.8 - Authentication Bypass to AdminEPSS 0.5%CVE-2025-47461HIGHWordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerabilityEPSS 0.4%CVE-2025-45607CRITICALAn issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.EPSS 0.4%CVE-2025-60041HIGHWordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2026-4700CRITICALMitigation bypass in the Networking: HTTP componentEPSS 0.4%CVE-2025-22277HIGHWordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2026-26117HIGHArc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2024-35151MEDIUMIBM OpenPages information disclosureEPSS 0.4%CVE-2025-4973CRITICALWorkreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'EPSS 0.4%