CWE-290 vulnerabilities

466 results
CVE-2026-49468 | CRITICAL | LiteLLM: Authentication Bypass via Host Header Injection | EPSS 0.5%
CVE-2026-22797 | CRITICAL | An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.1 | EPSS 0.5%
CVE-2024-55210 | CRITICAL | An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket | EPSS 0.5%
CVE-2025-36594 | CRITICAL | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 releas | EPSS 0.4%
CVE-2026-33433 | MEDIUM | Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField | EPSS 0.4%
CVE-2024-55470 | HIGH | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode vali | EPSS 0.4%
CVE-2026-25660 | CRITICAL | Authentication bypass for certain API calls | EPSS 0.4%
CVE-2024-22092 | HIGH | Bundlemanager has an authentication bypass vulnerability | EPSS 0.4%
CVE-2026-33175 | HIGH | OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims | EPSS 0.4%
CVE-2024-20384 | MEDIUM | A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat De | EPSS 0.4%
CVE-2026-3902 | HIGH | ASGI header spoofing via underscore/hyphen conflation | EPSS 0.4%
CVE-2023-51667 | MEDIUM | WordPress Rate my Post – WP Rating System plugin <= 3.4.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2022-38164 | MEDIUM | A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing atta | EPSS 0.4%
CVE-2026-21894 | MEDIUM | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks | EPSS 0.4%
CVE-2024-22139 | LOW | WordPress WordPress Manutenção plugin <= 1.0.6 - Bypass vulnerability | EPSS 0.4%
CVE-2025-1298 | CRITICAL | Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. | EPSS 0.4%
CVE-2026-24000 | MEDIUM | Fleet has a rate limiting bypass via untrusted client IP headers | EPSS 0.4%
CVE-2023-51326 | MEDIUM | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive | EPSS 0.4%
CVE-2023-51327 | MEDIUM | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive | EPSS 0.4%
CVE-2023-5801 | Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect i | EPSS 0.4%