CVE Database

7+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

7 results for "CWE-30"

CVE-2026-50082
6.5 MEDIUM

The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing …

Jun 12, 2026
CVE-2026-7820
6.5 MEDIUM

Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is …

May 11, 2026
CVE-2025-52392
5.4 MEDIUM

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts …

Aug 13, 2025
CVE-2024-50568
5.9 MEDIUM

A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through …

Jun 10, 2025
CVE-2025-26360
5.3 MEDIUM

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2024-8530
5.9 MEDIUM

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by …

Oct 11, 2024
CVE-2024-38433
6.7 MEDIUM

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton …

Jul 11, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.