Flaws of type CWE-306

1704 results
CVE-2025-61928 [CRITICAL]: Better Auth: Unauthenticated API key creation through api-key plugin (EPSS 18.0%)
CVE-2010-5326 [CRITICAL]: The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows r (EPSS 17.9%, KEV)
CVE-2025-58443 [CRITICAL]: FOG's authentication bypass leads to full SQL DB dump (EPSS 17.6%)
CVE-2019-6543: AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 20 (EPSS 17.3%)
CVE-2026-22812 [HIGH]: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution (EPSS 17.0%)
CVE-2024-10386 [CRITICAL]: Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability (EPSS 16.6%)
CVE-2020-27986 [HIGH]: SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: (EPSS 16.2%)
CVE-2021-28809 [CRITICAL]: Missing Authentication for Critical Function in RTRR Server in HBS3 (EPSS 15.8%)
CVE-2026-36356 [CRITICAL]: The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injec (EPSS 15.4%)
CVE-2023-41183 [HIGH]: NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability (EPSS 15.3%)
CVE-2023-27267 [CRITICAL]: Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) (EPSS 14.2%)
CVE-2024-42455 [HIGH]: A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserializat (EPSS 14.0%)
CVE-2020-12004: The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignit (EPSS 13.6%)
CVE-2018-5393: TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication (EPSS 12.9%)
CVE-2021-22784: A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker (EPSS 12.1%)
CVE-2022-2138 [HIGH]: Advantech iView (EPSS 10.9%)
CVE-2024-45844 [HIGH]: BIG-IP monitors vulnerability (EPSS 10.6%)
CVE-2019-3978: RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. Th (EPSS 10.3%)
CVE-2026-25137 [CRITICAL]: NixOs Odoo database and filestore publicly accessible with default odoo configuration (EPSS 10.1%)
CVE-2025-41656 [CRITICAL]: Pilz: Missing Authentication in Node-RED integration (EPSS 10.0%)