Falhas do tipo CWE-1390
81 resultadosCVE-2025-40554CRITICALSolarWinds Web Help Desk Authentication Bypass VulnerabilityEPSS 58.4%CVE-2025-40552CRITICALSolarWinds Web Help Desk Authentication Bypass VulnerabilityEPSS 51.7%CVE-2025-27740HIGHActive Directory Certificate Services Elevation of Privilege VulnerabilityEPSS 3.0%CVE-2024-49019HIGHActive Directory Certificate Services Elevation of Privilege VulnerabilityEPSS 2.0%CVE-2024-38239HIGHWindows Kerberos Elevation of Privilege VulnerabilityEPSS 1.7%CVE-2025-26635MEDIUMWindows Hello Security Feature Bypass VulnerabilityEPSS 1.3%CVE-2023-24890MEDIUMMicrosoft OneDrive for iOS Security Feature Bypass VulnerabilityEPSS 1.2%CVE-2024-8322MEDIUMWeak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker tEPSS 1.1%CVE-2024-35248HIGHMicrosoft Dynamics 365 Business Central Elevation of Privilege VulnerabilityEPSS 0.9%CVE-2025-24070HIGHASP.NET Core and Visual Studio Elevation of Privilege VulnerabilityEPSS 0.9%CVE-2024-38182CRITICALMicrosoft Dynamics 365 Elevation of Privilege VulnerabilityEPSS 0.9%CVE-2022-43400CRITICALA vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component ofEPSS 0.9%CVE-2023-49340CRITICALAn issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privilegEPSS 0.9%CVE-2025-26343HIGHA CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthEPSS 0.8%CVE-2024-34451CRITICALGhost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headeEPSS 0.8%CVE-2023-41900LOWJetty's OpenId Revoked authentication allows one requestEPSS 0.8%CVE-2025-59249HIGHMicrosoft Exchange Server Elevation of Privilege VulnerabilityEPSS 0.7%CVE-2024-0822HIGHOvirt: authentication bypassEPSS 0.7%CVE-2024-54092CRITICALA vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (AlEPSS 0.7%CVE-2025-23058HIGHAuthenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management InterfaceEPSS 0.7%