CWE-306 vulnerabilities

1,704 results
CVE-2022-34321 [HIGH] Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint (EPSS 1.8%)
CVE-2020-10282 [CRITICAL] RVD#3316: No authentication in MAVLink protocol (EPSS 1.7%)
CVE-2021-32800 [HIGH] Bypass of Two Factor Authentication in Nextcloud server (EPSS 1.7%)
CVE-2022-39412 [HIGH] Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is aff (EPSS 1.7%)
CVE-2020-14501 Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of th (EPSS 1.7%)
CVE-2024-38143 [MEDIUM] Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability (EPSS 1.7%)
CVE-2025-34121 [CRITICAL] Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE (EPSS 1.7%)
CVE-2021-31337 The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow (EPSS 1.7%)
CVE-2022-27169 [HIGH] An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16 (EPSS 1.6%)
CVE-2022-39425 [HIGH] Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior (EPSS 1.6%)
CVE-2022-45479 [CRITICAL] PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorizat (EPSS 1.6%)
CVE-2022-45481 [CRITICAL] The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no (EPSS 1.6%)
CVE-2020-10625 WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. (EPSS 1.6%)
CVE-2023-39457 [CRITICAL] Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability (EPSS 1.6%)
CVE-2014-125116 [CRITICAL] HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection (EPSS 1.6%)
CVE-2022-25250 [HIGH] PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function (EPSS 1.6%)
CVE-2020-3402 [MEDIUM] Cisco Unified Customer Voice Portal Information Disclosure Vulnerability (EPSS 1.6%)
CVE-2021-3825 [CRITICAL] Missing Authorization Checks in LiderAhenk (EPSS 1.6%)
CVE-2022-4978 [CRITICAL] Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE (EPSS 1.6%)
CVE-2017-2638 [MEDIUM] It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vuln (EPSS 1.6%)