Weaknesses of type CWE-287
1,848 results

CVE-2025-13427 | MEDIUM | Authentication Bypass in Dialogflow CX Messenger | EPSS 0.3%
CVE-2023-42554 | MEDIUM | Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. | EPSS 0.3%
CVE-2024-51997 | HIGH | The Attestation Results Token can be arbitrarily modified without being detected in Trustee | EPSS 0.3%
CVE-2022-40966 | HIGH | Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and acce | EPSS 0.3%
CVE-2026-44961 | NONE | The XML-RPC API addUser method has a validation bypass introduced in the fix for CVE-2025-55129. As a result, API users could create usernam | EPSS 0.3%
CVE-2024-3826 | HIGH | Broken SAML Validation | EPSS 0.3%
CVE-2025-10293 | HIGH | Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2026-54089 | CRITICAL | File Browser: Authentication Bypass via Proxy Auth Header Forgery | EPSS 0.3%
CVE-2026-10845 | HIGH | IBM WebSphere Application Server is affected by an authentication bypass vulnerability | EPSS 0.3%
CVE-2025-69822 | HIGH | An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate priv | EPSS 0.3%
CVE-2025-64103 | HIGH | Zitadel Bypass Second Authentication Factor | EPSS 0.3%
CVE-2024-5174 | MEDIUM | Broken Authentication in Gliffy | EPSS 0.3%
CVE-2025-45583 | CRITICAL | Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the servic | EPSS 0.3%
CVE-2022-25667 | HIGH | Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking | EPSS 0.3%
CVE-2022-46774 | MEDIUM | IBM Manage Application security bypass | EPSS 0.3%
CVE-2025-6505 | HIGH | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux | EPSS 0.3%
CVE-2024-56335 | HIGH | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | EPSS 0.3%
CVE-2026-30831 | HIGH | Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer | EPSS 0.3%
CVE-2026-30967 | HIGH | Parse Server OAuth2 authentication adapter account takeover via identity spoofing | EPSS 0.3%
CVE-2026-49197 | CRITICAL | Predator Connect W6x: Improper Authentication | EPSS 0.3%