Lucene search
K

2972 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50812

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.9 through 9.15 Description In server mode, two state-mutating endpoints in the SQL Editor blueprint are missing the @pga login required authentication decorator, allowing them to be accessed without an authenticated sessio...

9.5CVSS6.5AI score0.0071EPSS
Exploits0References13
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/18 12:0 a.m.9 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5
Snyk
Snyk
added 2026/06/17 6:43 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the createuploadfile function. An attacker can exhaust server disk space and obtain sensitive file system information by uploading arbitrary files without authentication and receiving...

9.3CVSS6AI score0.0031EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/17 5:20 p.m.17 views

CVE-2026-30799 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6.1CVSS0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:20 p.m.7 views

EUVD-2026-37754

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6.1CVSS5.2AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:20 p.m.11 views

CVE-2026-30799

CVE-2026-30799 documents describe a Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) that enables Identity Spoofing. Affected ranges include Connext Professional: 7.4.0–before 7.7.0, 7.0.0–before 7.3., 6.1.0–before 6.1. , 6.0.0–before 6.0.,...

6.1CVSS5.2AI score0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 5:19 p.m.32 views

CVE-2026-2675 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6CVSS0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:19 p.m.7 views

EUVD-2026-37771

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6CVSS5.2AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:19 p.m.14 views

CVE-2026-2675

RTI Connext Professional (Security Plugins) is affected by CVE-2026-2675: Missing Authentication for a Critical Function. Affected Connext Professional versions include 5.3.* before 5.3., 6.0. before 6.0., 6.1. before 6.1.*, 7.0.0 before 7.3.1.3, and 7.4.0 before 7.7.0. The CVSS 4.0 base score is...

6CVSS5.2AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:42 p.m.8 views

EUVD-2026-37733

Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...

8.8CVSS5.5AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 2:42 p.m.32 views

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

8.8CVSS0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/17 2:42 p.m.4 views

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 2:42 p.m.4 views

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 2:42 p.m.26 views

CVE-2026-35065

Technical details about CVE-2026-35065 are not publicly provided in the connected documents. Monitor official Dell PowerFlex advisories and CVE/NVD entries for updated impact, affected versions, and fixes.

8.8CVSS5.9AI score0.00334EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50433

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Critical Step in Authentication (CVE-2026-40542)

Summary There are vulnerabilities in httpclient5-5.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40542. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-40542 DESCRIPTION: Missing critical step in authentication in Apache HttpClient 5.6 allows an...

7.3CVSS5.2AI score0.00456EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/06/14 3:30 a.m.75 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 – MCPJam Inspector Unauthenticated Remote Code...

9.8CVSS6.6AI score0.38374EPSS
Exploits30
GithubExploit
GithubExploit
added 2026/06/12 10:44 p.m.76 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

Information Security Fundamentals — Spring 2026 Project Tot...

10CVSS6.4AI score0.97673EPSS
Exploits36
Cvelist
Cvelist
added 2026/06/12 6:44 p.m.36 views

CVE-2026-50287 Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7CVSS0.00359EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:44 p.m.7 views

CVE-2026-50287 Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7CVSS5.3AI score0.00359EPSS
Exploits0References1
Rows per page
Query Builder