CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/user-collection/create-first-user endpoint, which remains publicly accessible after initial setup. An attacker can obtain bcrypt password hashes of all administrator accounts and...

8.7CVSS5.8AI score0.00058EPSS

Exploits1References2

Snyk•added 2026/05/20 3:35 p.m.•5 views

Missing Authentication for Critical Function

Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...

6.9CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/20 3:35 p.m.•5 views

Missing Authentication for Critical Function

Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...

6.9CVSS5.8AI score

Exploits0References2

NVD•added 2026/05/19 6:16 p.m.•8 views

CVE-2026-8602

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

9.1CVSS0.0007EPSS

Exploits0References1

Vulnrichment•added 2026/05/19 5:0 p.m.•4 views

CVE-2026-8602 Missing authentication for critical function in ScadaBR

8.8CVSS5.9AI score0.0007EPSS

Exploits0References1

Cvelist•added 2026/05/19 5:0 p.m.•31 views

CVE-2026-8602 Missing authentication for critical function in ScadaBR

8.8CVSS0.0007EPSS

Exploits0References1

EUVD•added 2026/05/19 5:0 p.m.•5 views

EUVD-2026-30960

8.8CVSS5.9AI score0.0007EPSS

Exploits0References1

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41988

8.8CVSS5.9AI score0.0007EPSS

Exploits0References2

Snyk•added 2026/05/14 8:26 p.m.•5 views

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the getstatus function. An attacker can access sensitive configuration details by sending an unauthenticated HTTP GET request to the affected endpoint...

6.9CVSS5.8AI score0.00039EPSS

Exploits1References2

Packet Storm•added 2026/05/13 12:0 a.m.•47 views

📄 Flowise Missing Authentication

Proof of concept for Flowise versions prior to 3.0.5 that suffer from a missing authentication vulnerability. Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/...

9.8CVSS6AI score0.32362EPSS

Exploits13

Exploit DB•added 2026/05/13 12:0 a.m.•45 views

Flowise < 3.0.5 - Missing Authentication for Critical Function

Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-58434 from requests import post fr...

9.8CVSS6AI score0.32362EPSS

Exploits13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by