Weaknesses of type CWE-306
1,722 results

CVE-2024-39707 | MEDIUM | Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could le | EPSS 0.2%
CVE-2025-64770 | HIGH | Missing Authentication for ONVIF in iCam Cameras | EPSS 0.2%
CVE-2026-0247 | MEDIUM | Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities | EPSS 0.2%
CVE-2020-12492 | LOW | Wifi information acquisition vulnerability in Framework Services | EPSS 0.2%
CVE-2025-30041 | CRITICAL | Missing authentication in APIs returning statistical data along with session IDs | EPSS 0.2%
CVE-2025-65010 | HIGH | Missing authorizations for admin panel password change in WODESYS WD-R608U router | EPSS 0.2%
CVE-2025-55581 | HIGH | D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. | EPSS 0.2%
CVE-2025-30039 | CRITICAL | Missing authentication in API returning a list of all active sessions | EPSS 0.2%
CVE-2023-52947 | MEDIUM | Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3 | EPSS 0.2%
CVE-2025-55073 | MEDIUM | MS Teams plugin OAuth allows editing arbitrary posts | EPSS 0.2%
CVE-2026-47672 | MEDIUM | epa4all-client: Unauthenticated REST API for Patient Record Writes | EPSS 0.2%
CVE-2025-0129 | CRITICAL | Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser | EPSS 0.2%
CVE-2025-10991 | HIGH | Root Access via UART | EPSS 0.2%
CVE-2025-62674 | HIGH | Missing Authentication for RTSP in iCam Cameras | EPSS 0.2%
CVE-2024-2860 | HIGH | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker | EPSS 0.2%
CVE-2026-42095 | MEDIUM | bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. | EPSS 0.2%
CVE-2026-10054 | HIGH | In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell | EPSS 0.2%
CVE-2023-5935 | HIGH | Missing authentication for local web interface in Arc before v1.6.0 | EPSS 0.2%
CVE-2026-44592 | CRITICAL | Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning | EPSS 0.2%
CVE-2024-12957 | HIGH | A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 S | EPSS 0.2%