Flaws of type CWE-306
1717 results

CVE-2026-13007 (HIGH, EPSS 0.4%): Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure
CVE-2024-52285 (MEDIUM, EPSS 0.4%): A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V
CVE-2026-35267 (HIGH, EPSS 0.4%): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affect
CVE-2026-35265 (HIGH, EPSS 0.4%): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 1
CVE-2023-37373 (MEDIUM, EPSS 0.4%): A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write
CVE-2018-25136 (HIGH, EPSS 0.4%): FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated RTSP Stream Disclosure
CVE-2026-22207 (CRITICAL, EPSS 0.4%): OpenViking Missing root_api_key Allows Anonymous ROOT Access
CVE-2024-35143 (MEDIUM, EPSS 0.4%): IBM Planning Analytics Local missing authentication
CVE-2026-4959 (MEDIUM, EPSS 0.4%): OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication
CVE-2026-31881 (HIGH, EPSS 0.4%): Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window
CVE-2020-36904 (CRITICAL, EPSS 0.4%): Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint
CVE-2024-10774 (HIGH, EPSS 0.4%): SICK InspectorP61x and SICK InspectorP62x have unauthenticated CROWN APIs
CVE-2025-11949 (HIGH, EPSS 0.4%): Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication
CVE-2025-53037 (CRITICAL, EPSS 0.4%): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (com
CVE-2023-4884 (MEDIUM, EPSS 0.4%): Multiple vulnerabilities in Open5GS
CVE-2025-24271 (MEDIUM, EPSS 0.4%): An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequo
CVE-2026-54103 (CRITICAL, EPSS 0.4%): U.S. GAO EPDS and CBCA EDS unauthenticated password change
CVE-2026-25848 (CRITICAL, EPSS 0.4%): In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVE-2025-7405 (HIGH, EPSS 0.4%): Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module
CVE-2026-35523 (HIGH, EPSS 0.4%): Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol