4018 matches found
PT-2026-50432
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Dell PowerFlex Manager versions prior to 4.5.5.2 Description An improper authentication issue allows an unauthenticated attacker with adjacent network access to bypass authentication without...
CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)
Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...
EUVD-2026-36653
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...
CVE-2026-12183
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...
CVE-2026-12183
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...
CVE-2026-12183
CVE-2026-12183 affects Nefteprodukttekhnika BUK TS-G Gas Station Automation System versions 2.9.1–2.10.2 on Linux. The vulnerability is an improper authentication (CWE-287) in the system configuration module: the /php/ajax-login.php endpoint can return userid=1 (administrator) for any HTTP POST w...
PT-2026-49099
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...
CVE-2026-48611
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...
PT-2026-48826
Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.17 Description Improper authentication checks in the OAuth implementation allow unauthenticated attackers to hijack accounts, including administrator accounts, on default installations. This issue occurs even if OAu...
Exploit for Improper Authentication in Pocketbase
CVE-2026-44166 — PocketBase OAuth2 Account Pre-Hijacking Self...
CVE-2026-44810
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally...
EUVD-2026-35744
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally...
CVE-2026-44810
CVE-2026-44810: Improper authentication in Windows Cryptographic Services allows a local attacker to elevate privileges. Affected: Windows Cryptographic Services. Impact: HIGH (CVSS 3.1 base 8.4) with local attack, no user interaction required; confidentiality, integrity, and availability are HIG...
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally...
CVE-2026-11618 DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...
EUVD-2026-35291
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...
Taier 授权问题漏洞
Taier is a distributed scheduling system open source by DTStack. It aims to reduce the costs of ETL processes, clarify complex dependencies between tasks, and lower labor costs related to submission, scheduling, and operations. Versions of Taier 1.4.0 and earlier have vulnerabilities related to...
PT-2026-47926
Name of the Vulnerable Software and Affected Versions Windows Cryptographic Services affected versions not specified Description Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally, which can affect the system. Recommendations At...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42271link is external BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751link is external Check Point Security Gateway Improper Authentication...