44 matches found
mem0 security vulnerability
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory reset function. Unauthorized attackers could exploit...
CVE-2026-31241
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g., userid, runid, agentid) in the request query parameters. A...
CVE-2026-8031 PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...
CVE-2026-6126 zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions...
Pharos Controls Mosaic Show Controller access control error vulnerability
Pharos Controls Mosaic Show Controller is an embedded control device developed by the British company Pharos, used for lighting control and multimedia scene orchestration. Version 2.15.3 of Pharos Controls Mosaic Show Controller contains a security vulnerability due to the lack of authentication...
CVE-2026-3641
The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...
CVE-2026-25071
CVE-2026-25071 affects XikeStor SKS8310-8X network switch firmware version 1.04.B07 and earlier. The vulnerability is a missing authentication on the /switch_config.src endpoint, allowing unauthenticated remote attackers to download device configuration files, potentially exposing sensitive VLAN ...
CVE-2026-2065
A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. T...
CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
EUVD-2025-37762
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots...
CVE-2025-12476 Resource Lacking AuthN
Resource Lacking AuthN. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2014-0190
Malware in sbrugna...
CVE-2025-56578
An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensitive information and execute arbitrary code via the lack of authentication mechanisms...
Linux Distros Unpatched Vulnerability : CVE-2025-0896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by...
Packet Power EMX and EG
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimizing...
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a hacker to circumvent security restrictions.
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems stems from the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
COROS PACE 3 security vulnerability
COROS PACE 3 is a GPS sports watch from the Chinese company COROS. A security vulnerability exists in COROS PACE 3 3.0808.0 and prior versions, which stems from a lack of authentication and could lead to a man-in-the-middle attack...
The vulnerability of Microprogramming Software in the Wiren Board controller lies in the lack of implementation for authentication when changing access rights, allowing attackers to escalate their privileges.
The vulnerability of the Microprogramming Software of the Wiren Board controller is related to the absence of authentication mechanisms for changing access rights. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the Design Tools component of the JD Edwards EnterpriseOne Tools system, which manages enterprise resources, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Design Tools component of the JD Edwards EnterpriseOne Tools enterprise resource management system is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, add, or delete data through HTTP requests...