Weaknesses of type CWE-290

471 results
CVE-2018-25361HIGHSoroush IM Desktop App 0.17.0 Authentication Bypass via Database InjectionEPSS 0.1%CVE-2025-13455HIGHA vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authEPSS 0.1%CVE-2026-44118HIGHOpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token HeaderEPSS 0.1%CVE-2025-27389MEDIUMApplication Installation Source Verification Flaw May Lead to Risk Detection BypassEPSS 0.1%CVE-2026-6090HIGHA potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arEPSS 0.1%CVE-2026-53832HIGHOpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy ConfigurationEPSS 0.1%CVE-2025-26428LOWIn startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead toEPSS 0.1%CVE-2025-26421MEDIUMIn multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of priviEPSS 0.1%CVE-2025-26419LOWIn initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to localEPSS 0.1%CVE-2026-58593HIGHNodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local UserEPSS CVE-2026-24270CRITICALNVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability EPSS