Flaws of type CWE-290
466 results

CVE-2025-34063 | CRITICAL | OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key | EPSS 0.5%
CVE-2024-33531 | HIGH | cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the valu | EPSS 0.5%
CVE-2025-59706 | CRITICAL | In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. | EPSS 0.5%
CVE-2025-59707 | CRITICAL | In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vul | EPSS 0.5%
CVE-2024-6163 | MEDIUM | local IP restriction of internal HTTP endpoints | EPSS 0.5%
CVE-2024-21494 | MEDIUM | All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For h | EPSS 0.5%
CVE-2025-30144 | MEDIUM | Fast-JWT Improperly Validates iss Claims | EPSS 0.5%
CVE-2026-39858 | HIGH | Traefik: Forwarded alias spoofing top pre-auth decision bypass | EPSS 0.5%
CVE-2025-49004 | HIGH | Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE | EPSS 0.5%
CVE-2023-44463 | MEDIUM | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forw | EPSS 0.5%
CVE-2023-41133 | MEDIUM | WordPress Secure Admin IP plugin <= 2.0 - IP Spoofing vulnerability | EPSS 0.5%
CVE-2024-54450 | CRITICAL | An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi appl | EPSS 0.5%
CVE-2026-36537 | CRITICAL | ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trus | EPSS 0.5%
CVE-2023-3243 | HIGH | ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a p | EPSS 0.5%
CVE-2020-27276 | — | SOOIL Developments Co Ltd DiabecareRS, AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mo | EPSS 0.5%
CVE-2026-33661 | HIGH | WeChat Pay callback signature verification bypassed when Host header is localhost | EPSS 0.5%
CVE-2024-49214 | MEDIUM | QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. | EPSS 0.5%
CVE-2026-46414 | HIGH | Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking | EPSS 0.5%
CVE-2024-30522 | MEDIUM | WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability | EPSS 0.5%
CVE-2026-33654 | HIGH | Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling | EPSS 0.5%