Flaws of type CWE-287
1849 results

CVE-2024-7487 | MEDIUM | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | EPSS 0.3%
CVE-2025-31228 | MEDIUM | The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physi | EPSS 0.3%
CVE-2025-29773 | MEDIUM | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover | EPSS 0.3%
CVE-2025-15346 | CRITICAL | wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement | EPSS 0.3%
CVE-2020-10709 | — | A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provi | EPSS 0.3%
CVE-2026-10560 | HIGH | Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS | EPSS 0.3%
CVE-2026-35261 | MEDIUM | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that | EPSS 0.3%
CVE-2023-30560 | MEDIUM | PCU Configuration Lacks Authentication | EPSS 0.3%
CVE-2026-44847 | HIGH | MaxKB: Webhook Trigger Authentication Bypass | EPSS 0.3%
CVE-2025-54786 | MEDIUM | SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data | EPSS 0.3%
CVE-2024-23219 | MEDIUM | The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexp | EPSS 0.3%
CVE-2026-39324 | CRITICAL | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | EPSS 0.3%
CVE-2026-32246 | HIGH | Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint | EPSS 0.3%
CVE-2022-34887 | MEDIUM | Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authen | EPSS 0.3%
CVE-2026-40910 | MEDIUM | frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control | EPSS 0.3%
CVE-2025-3659 | CRITICAL | Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP | EPSS 0.3%
CVE-2025-1024 | HIGH | Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter | EPSS 0.3%
CVE-2025-9815 | HIGH | alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication | EPSS 0.3%
CVE-2025-54573 | MEDIUM | CVAT vulnerable to email verification bypass by use of basic authentication | EPSS 0.3%
CVE-2024-45036 | MEDIUM | Improper Access Control Vulnerability When Accessing a Maliciously Crafted Tophat Link | EPSS 0.3%