Fallos del tipo CWE-287
1853 resultadosCVE-2026-9084MEDIUMMISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurationsEPSS 0.2%CVE-2026-4587MEDIUMHybridAuth SSL Curl.php certificate validationEPSS 0.2%CVE-2025-64434MEDIUMKubeVirt Improper TLS Certificate Management Handling Allows API Identity SpoofingEPSS 0.2%CVE-2023-28073HIGH
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerabilEPSS 0.2%CVE-2022-30749LOWImproper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing EPSS 0.2%CVE-2023-31015MEDIUMNVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful EPSS 0.2%CVE-2022-33862MEDIUMImproper access control mechanism in IPPEPSS 0.2%CVE-2021-33159HIGHImproper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may alEPSS 0.2%CVE-2022-2752MEDIUMPotential vulnerabilities in GM login processEPSS 0.2%CVE-2022-42488HIGHStartup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.EPSS 0.2%CVE-2022-45118MEDIUMTelephony in communication subsystem sends public events with personal data, but the permission is not set.EPSS 0.2%CVE-2024-12310HIGHBypass of Login Screen on Shared Kiosk WorkstationsEPSS 0.2%CVE-2022-37931HIGHA vulnerability in NetBatch-Plus software allows unauthorized access to the applicationEPSS 0.2%CVE-2025-46590MEDIUMBypass vulnerability in the network search instruction authentication module
Impact: Successful exploitation of this vulnerability can bypasEPSS 0.2%CVE-2025-0217HIGHPrivileged Remote Access Authentication BypassEPSS 0.2%CVE-2023-31292MEDIUMAn issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive informaEPSS 0.2%CVE-2026-49848MEDIUMFreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`EPSS 0.2%CVE-2025-68931HIGHJervis has AES CBC Mode Without AuthenticationEPSS 0.2%CVE-2026-47202CRITICALKavita: Pre-Auth Account TakeoverEPSS 0.2%CVE-2022-45877HIGHPIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.EPSS 0.2%