CVEs classified under CWE-291, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-66602 — CVSS 9.8 (critical): A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a…
CVE-2022-46415 — CVSS 9.1 (critical): DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To…
CVE-2024-23309 — CVSS 9.0 (critical): The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on…
CVE-2025-34202 — CVSS 8.8 (high): Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments)…
CVE-2025-59101: Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully…
CVE-2026-3690 — CVSS 7.4 (high): OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected…
CVE-2023-35906 — CVSS 5.3 (medium): IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
CVE-2024-32765 — CVSS 4.2 (medium): A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated…