Falhas do tipo CWE-306
1.707 resultadosCVE-2023-23906HIGHMissing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unautEPSS 1.3%CVE-2025-34110CRITICALColoradoFTP Server <= 1.3 Build 8 Path Traversal Information DisclosureEPSS 1.3%CVE-2025-34079HIGHNSClient++ Authenticated Remote Code Execution via ExternalScripts APIEPSS 1.3%CVE-2022-27645HIGHThis vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. AuthentiEPSS 1.3%CVE-2022-41331CRITICALA missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a EPSS 1.3%CVE-2023-47674CRITICALMissing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite oEPSS 1.3%CVE-2023-28326CRITICALApache OpenMeetings: allows user impersonationEPSS 1.3%CVE-2021-27255MEDIUMThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. AEPSS 1.3%CVE-2022-46414CRITICALAn issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command exeEPSS 1.3%CVE-2021-43447HIGHONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attEPSS 1.3%CVE-2019-13525—In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to EPSS 1.3%CVE-2020-12505HIGHWAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07EPSS 1.2%CVE-2022-40202CRITICAL
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attEPSS 1.2%CVE-2026-20803HIGHMicrosoft SQL Server Elevation of Privilege VulnerabilityEPSS 1.2%CVE-2019-6820HIGHA CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IPEPSS 1.2%CVE-2022-29226CRITICALTrivial authentication bypass in EnvoyEPSS 1.2%CVE-2020-10038—A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attackEPSS 1.2%CVE-2022-27584CRITICALPassword recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel EPSS 1.2%CVE-2022-27586CRITICALPassword recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gaEPSS 1.2%CVE-2022-27582CRITICALPassword recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userleEPSS 1.2%