Flaws of type CWE-306

1720 results
CVE-2026-46827 | HIGH | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affec | EPSS 0.3%
CVE-2026-2844 | CRITICAL | TimePictra Authentication Bypass Vulnerability | EPSS 0.3%
CVE-2025-15509 | HIGH | The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage. | EPSS 0.3%
CVE-2026-31846 | HIGH | Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+ | EPSS 0.3%
CVE-2026-45577 | MEDIUM | Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass | EPSS 0.2%
CVE-2025-30048 | MEDIUM | Unauthenticated access to module configuration endpoint | EPSS 0.2%
CVE-2026-32896 | MEDIUM | OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin | EPSS 0.2%
CVE-2025-30037 | HIGH | Missing authentication in APIs allowing data retrieval and modification | EPSS 0.2%
CVE-2024-57055 | MEDIUM | Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain serv | EPSS 0.2%
CVE-2025-7706 | MEDIUM | Improper Access Control in TUBITAK BILGEM's Liderahenk | EPSS 0.2%
CVE-2026-42176 | MEDIUM | Scoold: Persistent Admin Takeover by Overwriting the admins Configuration Setting via Forged JWT (missing `jti` validation) | EPSS 0.2%
CVE-2026-46959 | HIGH | Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions th | EPSS 0.2%
CVE-2026-46958 | HIGH | Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions th | EPSS 0.2%
CVE-2021-32453 | MEDIUM | SITEL CAP/PRX information exposure | EPSS 0.2%
CVE-2024-56469 | MEDIUM | IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication | EPSS 0.2%
CVE-2024-3219 | MEDIUM | Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection | EPSS 0.2%
CVE-2026-31944 | HIGH | LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link | EPSS 0.2%
CVE-2026-45567 | HIGH | Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt | EPSS 0.2%
CVE-2026-35514 | MEDIUM | Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew | EPSS 0.2%
CVE-2026-3527 | MEDIUM | AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022 | EPSS 0.2%