Weaknesses of type CWE-306
1,719 resultsCVE-2026-35295HIGHVulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are aEPSS 0.3%CVE-2026-46966HIGHVulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). SEPSS 0.3%CVE-2026-12819CRITICALDVP-12SE Missing Authentication and Unauthorized Write access VulnerabilityEPSS 0.3%CVE-2026-33951MEDIUMsignalk-server: Unauthenticated Source Priorities ManipulationEPSS 0.3%CVE-2026-47136MEDIUMRustFS: Unauthenticated RustFS console license endpoint exposes license metadataEPSS 0.3%CVE-2026-45044HIGHRustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlersEPSS 0.3%CVE-2026-55450CRITICALLangflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leakEPSS 0.3%CVE-2025-4382MEDIUMGrub2: grub allow access to encrypted device through cli once root device is unlocked via tpmEPSS 0.3%CVE-2025-41090HIGHImproper Access Control in CCN-CERT microCLAUDIAEPSS 0.3%CVE-2025-4560MEDIUMNetvision ISOinsight - Missing AuthenticationEPSS 0.3%CVE-2025-6226MEDIUMIDOR in CreatePost API allows for timeboxed message disclosureEPSS 0.3%CVE-2026-33159MEDIUMCraft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted usersEPSS 0.3%CVE-2025-13030MEDIUMAll versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An EPSS 0.3%CVE-2026-9142CRITICALInsecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not presentEPSS 0.3%CVE-2026-41273HIGHFlowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public ChatflowEPSS 0.3%CVE-2025-13483HIGHMissing Authentication for Critical Function in SiRcom SMART Alert (SiSA)EPSS 0.3%CVE-2026-8364CRITICALGladinet Triofox Missing Authentication for Critical FunctionsEPSS 0.3%CVE-2025-25736MEDIUMKapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pEPSS 0.3%CVE-2023-31033MEDIUMCVEEPSS 0.3%CVE-2026-35584MEDIUMFreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and EnumerationEPSS 0.3%