Lucene search
+L

3092 matches found

Snyk
Snyk
added 2026/07/08 4:38 p.m.8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview github.com/dgraph-io/dgraph/edgraph is a Dgraph is a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 4:40 p.m.37 views

CVE-2026-13019 Missing Authentication

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS0.0041EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 4:40 p.m.22 views

CVE-2026-13019

Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...

9.8CVSS6AI score0.0041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1524 Langflow Missing Authentication on Critical API Endpoints

Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...

9.3CVSS6AI score0.20655EPSS
Exploits1References7
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-53913

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

9.8CVSS0.00619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55908

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper authentication and a failure to fail securely in the Apache Camel Keycloak component allow unauthenticated access to protected routes...

9.8CVSS6.3AI score0.00619EPSS
Exploits0References3
OSV
OSV
added 2026/07/05 5:30 a.m.4 views

CVE-2026-14714 zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS6.2AI score0.00453EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/04 8:45 a.m.10 views

EUVD-2026-41661

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 8:45 a.m.22 views

CVE-2026-14622

CVE-2026-14622 affects the restaurant-website-php-mysql project (up to commit 521428b5b612449df0cf4a5d15ee40cba67f3d35). The vulnerability is in the /admin/ajax_files component of the AJAX Endpoint, whereby input manipulation leads to missing authentication. It is exploitable remotely, with a pub...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 3:26 p.m.6 views

GHSA-84HP-MQVJ-3P8H mcp-memory-service: Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete

Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete Summary All HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key MCPAPIKEY or OAuth. An...

9.8CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/07/02 2:16 p.m.11 views

CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

9.8CVSS0.00333EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 1:12 p.m.9 views

EUVD-2026-41371

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 1:12 p.m.19 views

CVE-2026-4767

Technical details (affected product/version, root cause, impact, or remediation) are not publicly provided in the supplied documents. Monitor for updates.

9.8CVSS5.8AI score0.00333EPSS
Exploits0References1
Rows per page
Query Builder