Weaknesses of type CWE-306
1,720 resultsCVE-2026-35514MEDIUMUnauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in ChartbrewEPSS 0.2%CVE-2026-3527MEDIUMAJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022EPSS 0.2%CVE-2022-48621MEDIUMVulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect EPSS 0.2%CVE-2026-44320HIGHfree5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing pathEPSS 0.2%CVE-2021-23843HIGHLack of authentication mechanisms on the deviceEPSS 0.2%CVE-2025-0275MEDIUMHCL BigFix Mobile 3.3 and earlier is affected by improper access controlEPSS 0.2%CVE-2024-6895MEDIUMInsecure Account Profile ManagementEPSS 0.2%CVE-2025-0274MEDIUMHCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access controlEPSS 0.2%CVE-2026-54068MEDIUMSiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIconEPSS 0.2%CVE-2023-48426CRITICALChromecast Bootloader & Kernel-level code-execution including compromise of user-dataEPSS 0.2%CVE-2025-20085HIGHA denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted EPSS 0.2%CVE-2024-49572HIGHA denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network pEPSS 0.2%CVE-2023-6949MEDIUMA Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 EPSS 0.2%CVE-2026-40184LOWUnauthenticated Access to Uploaded Files in TREKEPSS 0.2%CVE-2026-24177HIGHNVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of thEPSS 0.2%CVE-2026-48692HIGHFastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initializEPSS 0.2%CVE-2025-32063MEDIUMEnabling SSH server on Infotainment ECUEPSS 0.2%CVE-2026-44949HIGHUnauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhookEPSS 0.2%CVE-2022-3312MEDIUMInsufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass manEPSS 0.2%CVE-2026-1920MEDIUMBooktics <= 1.0.16 - Missing Authorization to Addon Plugin InstallationEPSS 0.2%