Falhas do tipo CWE-306
1.704 resultadosCVE-2023-22047HIGHVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affectEPSS 74.5%CVE-2025-8943CRITICALUnsupervised OS command execution leads to remote code execution by unauthenticated network attackersEPSS 70.9%CVE-2019-5620—ABB MicroSCADA Pro SYS600 Missing Authentication for Critical FunctionEPSS 70.1%CVE-2023-28461CRITICALArray Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSEPSS 67.6%KEVCVE-2022-3229CRITICALBecause the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenEPSS 66.4%CVE-2021-29442HIGHAuthentication bypassEPSS 64.7%CVE-2024-8956CRITICALPTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient AuthenticationEPSS 60.9%KEVCVE-2022-45933CRITICALKubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authenticEPSS 51.7%CVE-2021-41266HIGHAuthentication bypass issue in the Operator ConsoleEPSS 51.4%CVE-2024-46506CRITICALNetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lEPSS 50.2%CVE-2025-58434CRITICALFlowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account TakeoverEPSS 50.1%CVE-2022-23227CRITICALNUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary usersEPSS 49.4%KEVCVE-2025-52665CRITICALA malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, tEPSS 40.5%CVE-2022-35871HIGHThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b202EPSS 39.2%CVE-2026-33032CRITICALNginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverEPSS 38.5%CVE-2026-23744CRITICALREC in MCPJam inspector due to HTTP Endpoint exposesEPSS 38.4%CVE-2023-20126CRITICALCisco SPA112 2-Port Phone Adapters Remote Command Execution VulnerabilityEPSS 38.1%CVE-2022-26833CRITICALAn improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A speciaEPSS 37.6%CVE-2025-49596CRITICALMCP Inspector proxy server lacks authentication between the Inspector client and proxyEPSS 37.0%CVE-2021-22652—Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacEPSS 36.8%