CWE-306 vulnerabilities

1,713 results
CVE | Severity | Description | EPSS
CVE-2026-4562 | MEDIUM | MacCMS Timming API Endpoint Timming.php weak authentication | 0.5%
CVE-2024-48768 | HIGH | An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmwa | 0.5%
CVE-2025-26365 | HIGH | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11 | 0.5%
CVE-2023-21856 | HIGH | Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported vers | 0.5%
CVE-2025-26363 | HIGH | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11 | 0.5%
CVE-2025-26362 | HIGH | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11 | 0.5%
CVE-2018-25335 | CRITICAL | WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload | 0.5%
CVE-2026-39858 | HIGH | Traefik: Forwarded alias spoofing top pre-auth decision bypass | 0.5%
CVE-2026-32064 | HIGH | OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer | 0.5%
CVE-2025-34232 | MEDIUM | Vasion Print (formerly PrinterLogic) Blind SSRF via Lexmark dellCheck.php | 0.5%
CVE-2025-5906 | MEDIUM | code-projects Laundry System data missing authentication | 0.5%
CVE-2026-4187 | MEDIUM | Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication | 0.5%
CVE-2026-2248 | CRITICAL | Unauthenticated Remote Root Shell Access via Web Console in METIS WIC | 0.5%
CVE-2026-2249 | CRITICAL | Unauthenticated Remote Command Execution via Web Console in METIS DFS | 0.5%
CVE-2025-8025 | CRITICAL | Improper Access Control in Dinosoft Business Solutions' Dinosoft ERP | 0.5%
CVE-2024-48775 | HIGH | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update proc | 0.5%
CVE-2023-22101 | HIGH | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are | 0.5%
CVE-2025-41651 | CRITICAL | Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches | 0.5%
CVE-2024-48777 | HIGH | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | 0.5%
CVE-2024-48773 | HIGH | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | 0.5%