Flaws of type CWE-306

1720 results
CVE | Severity | EPSS | Description
CVE-2025-53034 | MEDIUM | 0.2% | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (com
CVE-2020-12484 | MEDIUM | 0.2% | When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterpris
CVE-2026-41477 | HIGH | 0.2% | Deskflow: Local privilege escalation via unauthenticated IPC
CVE-2026-44649 | CRITICAL | 0.2% | SillyTavern: Authentication Bypass via SSO Header Injection
CVE-2026-5300 | MEDIUM | 0.2% | Missing Authentication for Critical Function in coolercontrold
CVE-2026-3194 | LOW | 0.2% | Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication
CVE-2025-68716 | HIGH | 0.2% | KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configu
CVE-2026-44830 | HIGH | 0.2% | Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport
CVE-2026-49195 | HIGH | 0.2% | Predator Connect W6x: unauthenticated Debug Service
CVE-2026-54036 | MEDIUM | 0.2% | LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification
CVE-2025-23293 | HIGH | 0.2% | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized actio
CVE-2024-47130 | HIGH | 0.2% | Missing Authentication for Critical Function in goTenna Pro
CVE-2026-36603 | HIGH | 0.2% | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, inclu
CVE-2024-2104 | HIGH | 0.2% | JBL: Improper BLE security configurations and lack of authentication on the device's GATT server
CVE-2024-32765 | MEDIUM | 0.2% | QTS, QuTS hero
CVE-2025-1495 | MEDIUM | 0.2% | IBM Business Automation Workflow missing authentication
CVE-2026-39848 | MEDIUM | 0.2% | Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation
CVE-2022-50979 | MEDIUM | 0.2% | Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (RS485)
CVE-2022-50980 | MEDIUM | 0.2% | Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
CVE-2026-33715 | HIGH | 0.2% | Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action