CWE-306 vulnerabilities

1720 results
CVE-2026-35584 [MEDIUM, EPSS 0.3%] FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration
CVE-2023-7328 [MEDIUM, EPSS 0.3%] Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure
CVE-2024-27892 [HIGH, EPSS 0.3%] On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
CVE-2026-46928 [HIGH, EPSS 0.3%] Vulnerability in the Oracle Spares Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that
CVE-2026-46916 [HIGH, EPSS 0.3%] Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Spec
CVE-2026-46972 [HIGH, EPSS 0.3%] Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Sup
CVE-2026-22924 [HIGH, EPSS 0.3%] A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenti
CVE-2025-10772 [MEDIUM, EPSS 0.3%] huggingface LeRobot ZeroMQ Socket lekiwi_remote.py missing authentication
CVE-2025-56405 [HIGH, EPSS 0.3%] An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service
CVE-2025-25268 [HIGH, EPSS 0.3%] Unauthenticated Configuration Access via Exposed API Endpoint
CVE-2025-42875 [MEDIUM, EPSS 0.3%] Missing Authentication check in SAP NetWeaver Internet Communication Framework
CVE-2026-45332 [HIGH, EPSS 0.3%] Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
CVE-2025-27853 [HIGH, EPSS 0.3%] The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs
CVE-2026-11848 [HIGH, EPSS 0.3%] IEI Integration Corp| iRM-IEI Remote Management - Missing Authentication
CVE-2024-9919 [HIGH, EPSS 0.3%] Missing Authentication Check in parisneo/lollms-webui
CVE-2024-27169 [HIGH, EPSS 0.3%] Lack of authentication
CVE-2026-48814 [CRITICAL, EPSS 0.3%] Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)
CVE-2025-8627 [HIGH, EPSS 0.3%] Unauthenticated Protocol Commands on TP-Link KP303
CVE-2026-28458 [HIGH, EPSS 0.3%] OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket Endpoint
CVE-2026-10283 [MEDIUM, EPSS 0.3%] Bottelet DaybydayCRM Setting missing authentication