CWE-288 type flaws

584 results
CVE-2024-50477 | CRITICAL | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability | EPSS 8.0%
CVE-2024-9989 | CRITICAL | Crypto <= 2.18 - Authentication Bypass via log_in | EPSS 7.2%
CVE-2023-2437 | CRITICAL | UserPro <= 5.1.1 - Authentication Bypass to Administrator | EPSS 6.8%
CVE-2025-69985 | CRITICAL | FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the | EPSS 5.6%
CVE-2024-11639 | CRITICAL | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative | EPSS 4.8%
CVE-2018-5386 | Some Navarino Infinity functions placed in the URL can bypass any authentication mechanism leading to an information leak | EPSS 4.6%
CVE-2023-2734 | CRITICAL | MStore API <= 3.9.1 - Authentication Bypass | EPSS 3.8%
CVE-2018-17918 | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | EPSS 3.8%
CVE-2025-0674 | CRITICAL | Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel | EPSS 3.8%
CVE-2021-28131 | Impala logs contain secrets | EPSS 3.3%
CVE-2019-6551 | Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafte | EPSS 3.3%
CVE-2021-36308 | MEDIUM | Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remot | EPSS 3.2%
CVE-2025-49125 | HIGH | Apache Tomcat: Security constraint bypass for pre/post-resources | EPSS 3.2%
CVE-2024-8943 | CRITICAL | LatePoint <= 5.0.12 - Authentication Bypass | EPSS 3.0%
CVE-2025-24472 | HIGH | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7. | EPSS 3.0% | KEV
CVE-2017-9944 | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 8 | EPSS 3.0%
CVE-2025-55338 | MEDIUM | Windows BitLocker Security Feature Bypass Vulnerability | EPSS 2.9%
CVE-2023-3277 | CRITICAL | MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation | EPSS 2.9%
CVE-2022-0992 | CRITICAL | SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup | EPSS 2.9%
CVE-2018-4852 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the | EPSS 2.8%