CWE-288 vulnerabilities

586 results
CVE-2025-4797 | CRITICAL | Golo <= 1.7.0 - Authentication Bypass to Account Takeover | EPSS 0.4%
CVE-2024-10311 | HIGH | External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass | EPSS 0.4%
CVE-2025-67041 | CRITICAL | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not proper | EPSS 0.4%
CVE-2026-2784 | CRITICAL | Mitigation bypass in the DOM: Security component | EPSS 0.4%
CVE-2025-23504 | CRITICAL | WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability | EPSS 0.4%
CVE-2025-5190 | HIGH | Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie | EPSS 0.4%
CVE-2019-25763 | CRITICAL | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass | EPSS 0.4%
CVE-2026-42668 | HIGH | WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability | EPSS 0.4%
CVE-2026-33950 | CRITICAL | signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity | EPSS 0.4%
CVE-2025-2080 | CRITICAL | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management servi | EPSS 0.4%
CVE-2026-27389 | CRITICAL | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability | EPSS 0.4%
CVE-2025-13539 | CRITICAL | FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login | EPSS 0.4%
CVE-2026-25035 | CRITICAL | WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability | EPSS 0.4%
CVE-2023-49564 | HIGH | Authentication Bypass | EPSS 0.4%
CVE-2025-50904 | CRITICAL | There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulner | EPSS 0.4%
CVE-2025-25171 | HIGH | WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability | EPSS 0.4%
CVE-2026-8321 | MEDIUM | inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass | EPSS 0.4%
CVE-2024-5322 | CRITICAL | N-central Authentication Bypass via Session Rebinding | EPSS 0.4%
CVE-2025-51452 | CRITICAL | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | EPSS 0.4%
CVE-2024-21491 | MEDIUM | Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures o | EPSS 0.4%