Flaws of type CWE-306
1717 results

CVE-2026-46892 (CRITICAL, EPSS 0.4%): Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The su
CVE-2024-37767 (HIGH, EPSS 0.4%): Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET req
CVE-2026-34227 (MEDIUM, EPSS 0.4%): Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface
CVE-2021-47940 (CRITICAL, EPSS 0.4%): WordPress Download From Files 1.48 Arbitrary File Upload
CVE-2024-7726 (MEDIUM, EPSS 0.4%): Arbitrary Code execution via exposed JTAG port in Kioxia CM6, PM6, PM7
CVE-2026-27584 (CRITICAL, EPSS 0.4%): ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
CVE-2017-20220 (HIGH, EPSS 0.4%): Serviio PRO 1.8 Unauthenticated Password Change via REST API
CVE-2026-8031 (MEDIUM, EPSS 0.4%): PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
CVE-2022-41505 (MEDIUM, EPSS 0.4%): An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UAR
CVE-2025-69285 (HIGH, EPSS 0.4%): SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability
CVE-2024-22326 (MEDIUM, EPSS 0.4%): IBM System Storage improper authentication
CVE-2023-45220 (HIGH, EPSS 0.4%): The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol t
CVE-2025-30111 (HIGH, EPSS 0.4%): On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized us
CVE-2025-32377 (MEDIUM, EPSS 0.4%): Rasa Pro Missing Authentication For Voice Connector APIs
CVE-2026-35279 (HIGH, EPSS 0.4%): Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions
CVE-2026-35274 (HIGH, EPSS 0.4%): Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions
CVE-2026-56346 (MEDIUM, EPSS 0.4%): AVideo - Unauthenticated PGP Message Decryption via decryptMessage.json.php Endpoint
CVE-2026-44895 (CRITICAL, EPSS 0.4%): GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools
CVE-2024-41967 (HIGH, EPSS 0.4%): WAGO: Boot Mode Manipulation in Multiple Devices
CVE-2026-6577 (MEDIUM, EPSS 0.4%): liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication