Fallos del tipo CWE-306
1719 resultadosCVE-2026-28450HIGHOpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP EndpointsEPSS 0.3%CVE-2026-33366MEDIUMMissing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the proEPSS 0.3%CVE-2026-42222HIGHnginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeoverEPSS 0.3%CVE-2026-9152CRITICALUnauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index DestructionEPSS 0.3%CVE-2025-51543CRITICALAn issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_pEPSS 0.3%CVE-2020-27225—In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web seEPSS 0.3%CVE-2022-26394MEDIUMUnauthenticated network reconfiguration via TCP/UDPEPSS 0.3%CVE-2025-30126MEDIUMAn issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remoEPSS 0.3%CVE-2025-59780HIGHGeneral Industrial Controls Lynx+ Gateway Missing Authentication for Critical FunctionEPSS 0.3%CVE-2025-32876MEDIUMAn issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure EPSS 0.3%CVE-2026-31245MEDIUMThe mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint alEPSS 0.3%CVE-2023-37325MEDIUMD-Link DAP-2622 DDP Set SSID List Missing Authentication VulnerabilityEPSS 0.3%CVE-2026-35065HIGHDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticEPSS 0.3%CVE-2026-32291HIGHGL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial consoleEPSS 0.3%CVE-2022-31022MEDIUMMissing Role Based Access Control for the REST handlers in bleve/http packageEPSS 0.3%CVE-2025-11171MEDIUMChartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative FunctionEPSS 0.3%CVE-2026-44329CRITICALfree5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlersEPSS 0.3%CVE-2025-11986MEDIUMCrypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication StateEPSS 0.3%CVE-2023-35874MEDIUMImproper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP PlatformEPSS 0.3%CVE-2021-20262—A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to takeEPSS 0.3%