Flaws of type CWE-306

1,718 results
CVE-2023-1837 | HIGH | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue aff | EPSS 0.5%
CVE-2025-59695 | CRITICAL | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the | EPSS 0.5%
CVE-2023-24934 | MEDIUM | Microsoft Defender Security Feature Bypass Vulnerability | EPSS 0.5%
CVE-2025-8350 | CRITICAL | Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS | EPSS 0.5%
CVE-2026-40620 | CRITICAL | SenseLive X3050 Missing authentication for critical function | EPSS 0.5%
CVE-2025-70141 | CRITICAL | SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enfo | EPSS 0.5%
CVE-2026-35053 | CRITICAL | OneUptime: Unauthenticated Workflow Execution via ManualAPI | EPSS 0.5%
CVE-2024-7940 | HIGH | The product exposes a service that is intended for local only to all network interfaces without any authentication. | EPSS 0.5%
CVE-2026-43920 | MEDIUM | FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution | EPSS 0.5%
CVE-2026-31071 | CRITICAL | API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers ca | EPSS 0.5%
CVE-2026-7415 | CRITICAL | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware | EPSS 0.5%
CVE-2026-42074 | CRITICAL | OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input | EPSS 0.5%
CVE-2026-30933 | HIGH | FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info | EPSS 0.5%
CVE-2026-49973 | CRITICAL | Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings | EPSS 0.5%
CVE-2022-35136 | MEDIUM | Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | EPSS 0.5%
CVE-2023-40170 | MEDIUM | cross-site inclusion (XSSI) of files in jupyter-server | EPSS 0.5%
CVE-2024-50381 | HIGH | Missing Authentication for Critical Function in Snap One OVRC cloud | EPSS 0.5%
CVE-2020-36873 | HIGH | Astak CM-818T3 Unauthenticated Configuration Disclosure | EPSS 0.5%
CVE-2022-20861 | CRITICAL | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities | EPSS 0.5%
CVE-2024-8530 | MEDIUM | CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generat | EPSS 0.5%