Weaknesses of type CWE-306
1,722 results

CVE-2025-15567 | MEDIUM | Insufficient protection mechanisms in the Health Module may lead to partial information disclosure. | EPSS 0.1%
CVE-2019-25483 | HIGH | Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k Restricted Shell Escape | EPSS 0.1%
CVE-2026-42289 | HIGH | ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation | EPSS 0.1%
CVE-2026-22174 | MEDIUM | OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe | EPSS 0.1%
CVE-2024-9062 | HIGH | macOS Archify: Local Privilege Escalation | EPSS 0.1%
CVE-2026-4522 | MEDIUM | Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affe | EPSS 0.1%
CVE-2026-24062 | HIGH | Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center | EPSS 0.1%
CVE-2025-41686 | HIGH | Improper File Permissions Allow Local Privilege Escalation | EPSS 0.1%
CVE-2026-6369 | MEDIUM | Exposed Session Token in canonical-livepatch client snap | EPSS 0.1%
CVE-2026-33788 | HIGH | Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs | EPSS 0.1%
CVE-2026-25599 | MEDIUM | Missing authentication and clear‑text data transmission affecting Orca heat pumps | EPSS 0.1%
CVE-2026-21767 | MEDIUM | HCL BigFix Platform is affected by insufficient authentication | EPSS 0.1%
CVE-2026-45610 | MEDIUM | WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA | EPSS 0.1%
CVE-2026-32041 | HIGH | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap | EPSS 0.1%
CVE-2026-46685 | MEDIUM | RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console | EPSS 0.1%
CVE-2026-9045 | HIGH | During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise fo | EPSS 0.1%
CVE-2025-31963 | LOW | HCL BigFix IVR is impacted by improper authentication and missing CSRF protection | EPSS 0.1%
CVE-2025-47357 | HIGH | Missing Authentication for Critical Function in SMSS | EPSS 0.1%
CVE-2026-24088 | HIGH | Missing Authentication for Critical Function in Boot | EPSS 0.1%
CVE-2025-48608 | MEDIUM | In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to | EPSS 0.1%