Lucene search
K

2979 matches found

Nuclei
Nuclei
added yesterday24 views

CyberPower - Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...

9.8CVSS7.2AI score0.06765EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday67 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7.2AI score0.37606EPSS
Exploits1References4
CVE
CVE
added yesterday8 views

CVE-2026-13019

Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...

9.8CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday7 views

CVE-2026-13019 Missing Authentication

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-53913

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

9.8CVSS0.00291EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-55908

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper authentication and a failure to fail securely in the Apache Camel Keycloak component allow unauthenticated access to protected routes...

9.8CVSS6.3AI score0.00291EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41661

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-14622

CVE-2026-14622 affects the restaurant-website-php-mysql project (up to commit 521428b5b612449df0cf4a5d15ee40cba67f3d35). The vulnerability is in the /admin/ajax_files component of the AJAX Endpoint, whereby input manipulation leads to missing authentication. It is exploitable remotely, with a pub...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

9.8CVSS0.00333EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41371

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-4767

Technical details (affected product/version, root cause, impact, or remediation) are not publicly provided in the supplied documents. Monitor for updates.

9.8CVSS5.8AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

9.1CVSS0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:53 p.m.6 views

EUVD-2026-40401

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

8.2CVSS5.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:57 a.m.12 views

CVE-2026-14162

Advantech Hospital Queuing Management is listed under CVE-2026-14162 with a Missing Authentication/Unauthenticated access scenario. The description states a Sensitive Data Exposure where unauthenticated remote attackers can access a URL to obtain API documentation. The connected CVE entry confirm...

9.8CVSS5.8AI score0.00472EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 6:28 a.m.17 views

CVE-2026-12819

CVE-2026-12819 affects the Delta Electronics DVP12SE PLC. The issue is exposure of a Modbus TCP service on a specified port without authentication or access control, allowing unauthenticated interaction with security‑sensitive PLC functions. The CVSS metrics indicate high impact on confidentialit...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-474 PraisonAI Has Missing Authentication in WebSocket Gateway

Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...

9.1CVSS5.9AI score0.00444EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-344 Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.3AI score0.01816EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 9:16 a.m.9 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS0.00383EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 8:59 p.m.13 views

CVE-2026-40702

CVE-2026-40702 involves WebSocket endpoints in EVoke Systems EVoke CSMS that lack authentication, allowing attackers to impersonate charging stations and gain unauthorized access or perform actions. The underlying issue is no authentication for the WebSocket interface, enabling privilege escalati...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 4:16 p.m.7 views

CVE-2026-4522

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...

6.7CVSS0.00123EPSS
Exploits0References1
Rows per page
Query Builder