Weaknesses of type CWE-306

1,704 results
CVE-2022-46463 [HIGH] An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. (EPSS 6.2%)
CVE-2025-20700 [HIGH] In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth (EPSS 6.2%)
CVE-2017-3184 ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory (EPSS 5.9%)
CVE-2024-5721 [HIGH] Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability (EPSS 5.8%)
CVE-2025-55583 [CRITICAL] D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi (EPSS 5.8%)
CVE-2024-21306 [MEDIUM] Microsoft Bluetooth Driver Spoofing Vulnerability (EPSS 5.8%)
CVE-2024-57725 [MEDIUM] An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, (EPSS 5.8%)
CVE-2025-52692 [HIGH] Bypass Authentication (EPSS 5.6%)
CVE-2026-3611 [CRITICAL] Honeywell IQ4x BMS Controller Missing authentication for critical function (EPSS 5.6%)
CVE-2025-14346 [CRITICAL] WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within ran (EPSS 5.5%)
CVE-2025-20702 [HIGH] In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of pri (EPSS 5.2%)
CVE-2020-15798 [CRITICAL] A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mo (EPSS 5.2%)
CVE-2017-3216 WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote (EPSS 5.2%)
CVE-2018-10635 In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code (EPSS 5.1%)
CVE-2017-13997 A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch (EPSS 5.1%)
CVE-2015-10141 [CRITICAL] Xdebug Remote Debugger Unauthenticated OS Command Execution (EPSS 5.0%)
CVE-2026-50507 [MEDIUM] Windows BitLocker Security Feature Bypass Vulnerability (EPSS 5.0%)
CVE-2023-54335 [CRITICAL] eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE) (EPSS 5.0%)
CVE-2020-10920 [CRITICAL] This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch (EPSS 4.9%)
CVE-2017-2637 [CRITICAL] A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is (EPSS 4.8%)