Falhas do tipo CWE-288
586 resultadosCVE-2026-32031MEDIUMOpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels GatewayEPSS 0.2%CVE-2025-55012HIGHZed AI Agent Remote Code ExecutionEPSS 0.2%CVE-2025-68708LOWSailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock iEPSS 0.2%CVE-2024-25036MEDIUMIBM Cognos Controller authentication bypassEPSS 0.2%CVE-2025-59392MEDIUMOn Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (coEPSS 0.2%CVE-2022-40725HIGHPingID Desktop PIN attempt lockout bypass.EPSS 0.2%CVE-2025-68711LOWAppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical accesEPSS 0.2%CVE-2022-42276HIGHNVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flaEPSS 0.2%CVE-2022-42277HIGHNVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase EPSS 0.2%CVE-2025-43422MEDIUMThe issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a dEPSS 0.2%CVE-2025-68710LOWEasyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to EPSS 0.2%CVE-2025-12760MEDIUMEmail TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115EPSS 0.2%CVE-2025-13013MEDIUMMitigation bypass in the DOM: Core & HTML componentEPSS 0.2%CVE-2025-12431MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malEPSS 0.2%CVE-2025-24332HIGHAuthenticated admin user can connect baseband internally from one board to another without needing to re-authenticationEPSS 0.2%CVE-2025-46286MEDIUMA logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent pEPSS 0.2%CVE-2024-42178LOWHCL MyXalytics is affected by a failure to restrict URL access vulnerabilityEPSS 0.2%CVE-2024-41173HIGHBeckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSDEPSS 0.2%CVE-2026-3930MEDIUMUnsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions vEPSS 0.2%CVE-2025-6556MEDIUMInsufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policEPSS 0.2%