CWE-302 vulnerabilities

38 results
CVE-2024-47086 | HIGH | OTP Bypass Vulnerability | EPSS 0.5%
CVE-2026-39429 | HIGH | kcp's cache server is accessible without authentication or authorization checks | EPSS 0.4%
CVE-2025-46647 | MEDIUM | Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect | EPSS 0.4%
CVE-2025-26522 | HIGH | Authentication Bypass Vulnerability in RupeeWeb trading platform | EPSS 0.4%
CVE-2024-22179 | HIGH | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data | EPSS 0.4%
CVE-2024-8475 | MEDIUM | Protection Mechanism Failure in Digital Operation Services' WiFiBurada | EPSS 0.4%
CVE-2022-2503 | MEDIUM | Linux Kernel LoadPin bypass via dm-verity table reload | EPSS 0.4%
CVE-2025-20285 | MEDIUM | Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability | EPSS 0.3%
CVE-2025-8855 | HIGH | 2FA Expiry Bypass in Optimus Software's Brokerage Automation | EPSS 0.3%
CVE-2022-40703 | MEDIUM | CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an una | EPSS 0.3%
CVE-2026-40285 | HIGH | WeGIA has SQL Injection via Session Variable Override in DespachoControle.php | EPSS 0.3%
CVE-2026-28510 | MEDIUM | elabftw allows MFA bypass during login | EPSS 0.3%
CVE-2025-43992 | MEDIUM | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immut | EPSS 0.2%
CVE-2026-48781 | CRITICAL | Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery | EPSS 0.2%
CVE-2026-48117 | MEDIUM | DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover | EPSS 0.2%
CVE-2026-27840 | MEDIUM | ZITADEL's truncated opaque tokens are still valid | EPSS 0.1%
CVE-2024-45370 | HIGH | An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A speciall | EPSS 0.1%
CVE-2026-34460 | MEDIUM | NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping | EPSS 0.1%