Weaknesses of type CWE-306
1,715 resultsCVE-2024-12371CRITICALRockwell Automation PowerMonitor™ 1000 Remote Code ExecutionEPSS 0.5%CVE-2025-59695CRITICALEntrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on theEPSS 0.5%CVE-2023-46978HIGHTOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords withoutEPSS 0.5%CVE-2026-27012CRITICALUnauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.phpEPSS 0.5%CVE-2022-45794HIGHOmron CJ-series and CS-series unauthenticated filesystem access.EPSS 0.5%CVE-2023-31444HIGHIn Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of EPSS 0.5%CVE-2025-71318CRITICALNetMan 204 Missing Authentication for Administrative FunctionsEPSS 0.5%CVE-2026-5944MEDIUMCisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API AccessEPSS 0.5%CVE-2026-54088CRITICALFile Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)EPSS 0.5%CVE-2025-25224MEDIUMThe LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerabilityEPSS 0.5%CVE-2025-29870HIGHMissing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticaEPSS 0.5%CVE-2024-42017CRITICALAn issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenarEPSS 0.5%CVE-2025-30135CRITICALAn issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authenticaEPSS 0.5%CVE-2023-54350HIGHWordPress Augmented-Reality Plugin Remote Code Execution UnauthenticatedEPSS 0.5%CVE-2026-27772CRITICALEV Energy ev.energy Missing Authentication for Critical FunctionEPSS 0.5%CVE-2023-4857HIGH
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI caEPSS 0.5%CVE-2025-30215CRITICALNATS-Server Fails to Authorize Certain Jetstream Admin APIsEPSS 0.5%CVE-2024-45438CRITICALAn issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.phEPSS 0.5%CVE-2024-0949CRITICALImproper Access Control in Talya Informatics' ElektrawebEPSS 0.5%CVE-2022-4240MEDIUMUnauthenticated API allowing an attacker to obtain the information about network resourcesEPSS 0.5%