Fallos del tipo CWE-287

1853 resultados
CVE-2024-24554MEDIUMBludit - Insecure Token GenerationEPSS 0.2%CVE-2022-39901MEDIUMImproper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption EPSS 0.2%CVE-2021-3458MEDIUMThe Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.EPSS 0.2%CVE-2026-34873CRITICALAn issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.EPSS 0.2%CVE-2026-33215MEDIUMNATS is vulnerable to MQTT hijacking via Client IDEPSS 0.2%CVE-2026-44478HIGHhoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery TokenEPSS 0.2%CVE-2022-3681MEDIUMA vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless netwoEPSS 0.2%CVE-2026-26077MEDIUMDiscourse doesn't ensure webhooks require a tokenEPSS 0.2%CVE-2026-39322CRITICALPolarLearn: Any password authenticates banned accounts and grants API accessEPSS 0.2%CVE-2025-41110HIGHImproper Authentication vulnerability in Ghost Robotics' Vision 60EPSS 0.2%CVE-2025-1880LOWi-Drive i11/i12 Device Pairing authentication bypassEPSS 0.2%CVE-2023-21419MEDIUMAn improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under cEPSS 0.2%CVE-2025-68663MEDIUMOutline has a suspended user authentication bypass via WebSocket connectionsEPSS 0.2%CVE-2025-15484CRITICALOrder Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission BypassEPSS 0.2%CVE-2026-44351CRITICALfast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypassEPSS 0.2%CVE-2025-7630MEDIUMOTP Password Brute Forcing in DorukNet's WispotterEPSS 0.2%CVE-2026-8293HIGHReally Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP SkipEPSS 0.2%CVE-2025-11633MEDIUMTomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validationEPSS 0.2%CVE-2026-33512HIGHAVideo has an unauthenticated decrypt oracle leaking any ciphertextEPSS 0.2%CVE-2025-62398MEDIUMMoodle: possible to bypass mfaEPSS 0.2%