Falhas do tipo CWE-290

466 resultados

CVE-2025-68644HIGHYealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanEPSS 0.3%CVE-2026-27089HIGHWordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerabilityEPSS 0.3%CVE-2026-53849HIGHOpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFromEPSS 0.3%CVE-2026-31889HIGHShopware has a potential take over of app credentialsEPSS 0.3%CVE-2025-48027MEDIUMThe HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginservEPSS 0.3%CVE-2024-5812LOWSmart Rule Overwrite Bypass in BeyondInsight PasswordSafeEPSS 0.3%CVE-2025-32275MEDIUMWordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerabilityEPSS 0.3%CVE-2023-29147—In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier EPSS 0.3%CVE-2025-30142HIGHAn issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the solEPSS 0.3%CVE-2025-27916HIGHAn issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients isEPSS 0.3%CVE-2024-31784MEDIUMAn issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payEPSS 0.3%CVE-2026-11019MEDIUMInappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.3%CVE-2025-30110MEDIUMOn IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC addEPSS 0.3%CVE-2026-0890MEDIUMSpoofing issue in the DOM: Copy & Paste and Drag & Drop componentEPSS 0.3%CVE-2024-1524HIGHA local user can be impersonated when using federated authentication with Silent JIT Provisioning.EPSS 0.3%CVE-2023-28803MEDIUMTraffic being bypassed by ZCC by configuring synthetic IP range as local networkEPSS 0.3%CVE-2020-6158MEDIUMOpera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to triEPSS 0.3%CVE-2025-32227MEDIUMWordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerabilityEPSS 0.3%CVE-2024-8399MEDIUMWebsites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.EPSS 0.3%CVE-2023-49794MEDIUMThe logic of get apk path in KernelSU module can be bypassedEPSS 0.3%

← anteriorpágina 19 / 24próxima →