CWE-288 vulnerabilities

586 results
CVE-2022-23720 HIGH | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file | EPSS 0.2%
CVE-2026-50194 HIGH | Steeltoe vulnerable to management-port isolation bypass via spoofed Host header | EPSS 0.2%
CVE-2025-22862 MEDIUM | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7. | EPSS 0.2%
CVE-2020-11005 MEDIUM | Internal NCryptDecrypt method could be used externally from WindowsHello library. | EPSS 0.2%
CVE-2025-13980 MEDIUM | CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118 | EPSS 0.2%
CVE-2025-32357 MEDIUM | In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base | EPSS 0.2%
CVE-2026-47200 MEDIUM | Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` | EPSS 0.2%
CVE-2026-42745 HIGH | WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability | EPSS 0.2%
CVE-2026-1747 MEDIUM | Authentication Bypass Using an Alternate Path or Channel in GitLab | EPSS 0.2%
CVE-2025-40761 HIGH | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All | EPSS 0.2%
CVE-2025-40743 HIGH | A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SIN | EPSS 0.2%
CVE-2026-35654 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke | EPSS 0.2%
CVE-2022-22189 HIGH | Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication | EPSS 0.2%
CVE-2026-36175 MEDIUM | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via | EPSS 0.2%
CVE-2024-29853 HIGH | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | EPSS 0.2%
CVE-2025-13986 MEDIUM | Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124 | EPSS 0.2%
CVE-2023-23503 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 | EPSS 0.2%
CVE-2025-13018 HIGH | Mitigation bypass in the DOM: Security component | EPSS 0.2%
CVE-2025-48010 MEDIUM | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 | EPSS 0.2%
CVE-2026-48491 HIGH | Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass | EPSS 0.2%