CWE-306 vulnerabilities

1719 results
CVE-2026-5000 [MEDIUM] PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication (EPSS 0.4%)
CVE-2026-56299 [MEDIUM] Capgo - Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint (EPSS 0.4%)
CVE-2026-6582 [MEDIUM] TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details missing authentication (EPSS 0.4%)
CVE-2026-6577 [MEDIUM] liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication (EPSS 0.4%)
CVE-2025-0132 [MEDIUM] Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services (EPSS 0.4%)
CVE-2026-6129 [MEDIUM] zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication (EPSS 0.4%)
CVE-2025-14577 [CRITICAL] PHP Function Injection in Slican NPC/IPL/IPM/IPU (EPSS 0.4%)
CVE-2024-21146 [HIGH] Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). Supported versions that are affec (EPSS 0.4%)
CVE-2026-2491 [MEDIUM] Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability (EPSS 0.4%)
CVE-2024-53623 [HIGH] Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. (EPSS 0.4%)
CVE-2024-8074 [CRITICAL] Sensitive Data Exposure in Nomysoft Informatics' Nomysem (EPSS 0.4%)
CVE-2026-3356 [CRITICAL] Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor (EPSS 0.4%)
CVE-2023-45140 [MEDIUM] Group-based JIT MFA bypass on scp and sftp in The Bastion (EPSS 0.4%)
CVE-2026-34411 [MEDIUM] Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs (EPSS 0.4%)
CVE-2026-31241 [MEDIUM] The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint (EPSS 0.4%)
CVE-2024-8057 [MEDIUM] Improper Access Control in danswer-ai/danswer (EPSS 0.4%)
CVE-2026-31244 [MEDIUM] The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). T (EPSS 0.4%)
CVE-2025-10267 [MEDIUM] NewType Infortech|NUP Portal - Missing Authentication (EPSS 0.4%)
CVE-2025-56562 [HIGH] An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC a (EPSS 0.4%)
CVE-2023-36926 [LOW] Information disclosure vulnerability in SAP Host Agent (EPSS 0.4%)