Weaknesses of type CWE-290

460 results
| CVE | Severity | Title | EPSS | KEV |
|---|---|---|---|---|
| CVE-2024-4358 | CRITICAL | Registration Authentication Bypass Vulnerability | 97.5% | KEV |
| CVE-2022-24112 | CRITICAL | apisix/batch-requests plugin allows overwriting the X-REAL-IP header | 96.2% | KEV |
| CVE-2022-23131 | CRITICAL | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | 95.7% | KEV |
| CVE-2021-29441 | HIGH | Authentication bypass | 74.8% | |
| CVE-2021-31195 | MEDIUM | Microsoft Exchange Server Remote Code Execution Vulnerability | 73.7% | |
| CVE-2020-7388 | CRITICAL | Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing | 70.3% | |
| CVE-2024-54085 | CRITICAL | Redfish Authentication Bypass | 61.2% | KEV |
| CVE-2021-34646 | CRITICAL | Booster for WooCommerce <= 5.4.3 Authentication Bypass | 50.9% | |
| CVE-2025-49002 | HIGH | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability | 41.8% | |
| CVE-2020-10136 | | IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic | 26.5% | |
| CVE-2023-30803 | CRITICAL | Sangfor Next-Gen Application Firewall Authentication Bypass | 18.2% | |
| CVE-1999-0012 | HIGH | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | 18.2% | |
| CVE-2024-41107 | HIGH | Apache CloudStack: SAML Signature Exclusion | 17.8% | |
| CVE-2023-50224 | MEDIUM | TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability | 17.4% | KEV |
| CVE-2024-21518 | HIGH | This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to im | 14.1% | |
| CVE-2022-3180 | CRITICAL | WPGateway <= 3.5 - Unauthenticated Privilege Escalation | 8.8% | |
| CVE-2024-12108 | CRITICAL | WhatsUp Gold - Public API signing key rotation issue | 6.8% | |
| CVE-2023-3128 | CRITICAL | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily mod | 4.1% | |
| CVE-2025-32966 | HIGH | Dataease H2 JDBC Connection Remote Code Execution | 3.9% | |
| CVE-2022-39227 | CRITICAL | Python-jwt subject to Authentication Bypass by Spoofing | 3.6% | |