CWE-306 flaws
1,704 results

CVE-2025-4008 | HIGH | Arbitrary Command Injection in Smartbedded MeteoBridge | EPSS 93.9% | KEV
CVE-2021-44077 | CRITICAL | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to un | EPSS 93.5% | KEV
CVE-2026-20253 | CRITICAL | Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise | EPSS 92.1% | KEV
CVE-2024-5910 | CRITICAL | Expedition: Missing Authentication Leads to Admin Account Takeover | EPSS 91.7% | KEV
CVE-2024-11680 | CRITICAL | ProjectSend Unauthenticated Configuration Modification | EPSS 91.6% | KEV
CVE-2020-3952 | CRITICAL | Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC) | EPSS 90.4% | KEV
CVE-2026-35273 | CRITICAL | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported v | EPSS 89.8% | KEV
CVE-2025-61757 | CRITICAL | Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affect | EPSS 88.3% | KEV
CVE-2026-24423 | CRITICAL | SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API | EPSS 87.7% | KEV
CVE-2022-26143 | CRITICAL | The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to | EPSS 87.6% | KEV
CVE-2024-51567 | CRITICAL | upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and | EPSS 86.7% | KEV
CVE-2021-45232 | — | security vulnerability on unauthorized access. | EPSS 85.9%
CVE-2023-36847 | MEDIUM | Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | EPSS 84.7% | KEV
CVE-2022-24990 | CRITICAL | TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/a | EPSS 84.0% | KEV
CVE-2021-25094 | — | Tatsu < 3.3.12 - Unauthenticated RCE | EPSS 83.5%
CVE-2023-21931 | HIGH | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are | EPSS 82.3%
CVE-2021-33543 | CRITICAL | UDP Technology/Geutebrück camera devices: Authentication Bypass | EPSS 82.1%
CVE-2014-9195 | — | Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function | EPSS 81.1%
CVE-2021-1499 | MEDIUM | Cisco HyperFlex HX Data Platform File Upload Vulnerability | EPSS 80.4%
CVE-2023-27532 | HIGH | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This | EPSS 77.6% | KEV