Weaknesses of type CWE-306

1,687 results
CVE-2017-10271 | HIGH | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are | EPSS 100.0% | KEV
CVE-2025-3248 | CRITICAL | Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code | EPSS 100.0% | KEV
CVE-2022-1388 | CRITICAL | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior | EPSS 100.0% | KEV
CVE-2023-21839 | HIGH | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are | EPSS 99.8% | KEV
CVE-2020-13927 | CRITICAL | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security ri | EPSS 99.7% | KEV
CVE-2024-0012 | CRITICAL | PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) | EPSS 99.7% | KEV
CVE-2021-37415 | CRITICAL | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authenticatio | EPSS 99.6% | KEV
CVE-2026-33017 | CRITICAL | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint | EPSS 98.4% | KEV
CVE-2020-6207 | CRITICAL | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for | EPSS 98.4% | KEV
CVE-2022-21587 | CRITICAL | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions t | EPSS 98.3% | KEV
CVE-2025-0108 | HIGH | PAN-OS: Authentication Bypass in the Management Web Interface | EPSS 98.3% | KEV
CVE-2026-41940 | CRITICAL | WebPros cPanel and WHM Authentication Bypass via Login Flow | EPSS 98.1% | KEV
CVE-2025-32433 | CRITICAL | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | EPSS 97.7% | KEV
CVE-2019-9082 | HIGH | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app | EPSS 97.4% | KEV
CVE-2025-34028 | CRITICAL | Commvault Command Center Innovation Release <= 11.38.25 Unauthenticated Install Package Path Traversal | EPSS 97.2% | KEV
CVE-2021-35587 | CRITICAL | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affec | EPSS 96.3% | KEV
CVE-2026-39987 | CRITICAL | marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass | EPSS 95.6% | KEV
CVE-2024-47575 | CRITICAL | A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, Fo | EPSS 94.8% | KEV
CVE-2020-6287 | CRITICAL | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an | EPSS 94.7% | KEV
CVE-2023-36846 | MEDIUM | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | EPSS 94.2% | KEV