Flaws of type CWE-306

1717 results
CVE-2026-46952 | HIGH | Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affect | EPSS 0.4%
CVE-2026-35303 | HIGH | Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12. | EPSS 0.4%
CVE-2026-46942 | HIGH | Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations). Sup | EPSS 0.4%
CVE-2026-46962 | HIGH | Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versi | EPSS 0.4%
CVE-2026-46937 | HIGH | Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported vers | EPSS 0.4%
CVE-2026-46903 | HIGH | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infrastructure Security). Suppo | EPSS 0.4%
CVE-2026-46951 | HIGH | Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affect | EPSS 0.4%
CVE-2026-46961 | HIGH | Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versi | EPSS 0.4%
CVE-2025-40736 | CRITICAL | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthor | EPSS 0.4%
CVE-2025-11007 | CRITICAL | CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update | EPSS 0.4%
CVE-2024-40087 | CRITICAL | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 al | EPSS 0.4%
CVE-2026-3558 | HIGH | Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability | EPSS 0.4%
CVE-2020-37157 | HIGH | DBPower C300 HD Camera - Remote Configuration Disclosure | EPSS 0.4%
CVE-2025-7115 | MEDIUM | rowboatlabs rowboat Session route.ts PUT missing authentication | EPSS 0.4%
CVE-2026-10617 | MEDIUM | nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication | EPSS 0.4%
CVE-2026-48989 | HIGH | Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS | EPSS 0.4%
CVE-2026-6126 | MEDIUM | zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication | EPSS 0.4%
CVE-2024-37767 | HIGH | Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET req | EPSS 0.4%
CVE-2026-46892 | CRITICAL | Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The su | EPSS 0.4%
CVE-2026-34227 | MEDIUM | Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface | EPSS 0.4%