31 matches found
CVE-2026-56242
Capgo before 12.128.2 contains an unauthenticated security definer RPC function getidentityapikeyonly that returns the owning userid for supplied API keys, creating an API key validity oracle and user identity disclosure primitive. Attackers can call this endpoint with valid or invalid API keys t...
Mitsubishi Electric MELSEC iQ-F Series CPU Access Control Error Vulnerability
The Mitsubishi Electric MELSEC iQ-F Series CPUs are a series of CPU modules from Mitsubishi Electric Corporation, Japan. An access control error vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series CPUs, which stems from a lack of authentication of a critical...
CVE-2025-46409
An inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker...
A vulnerability in GitLab, the Git-based software platform for collaborative code development, arises from the lack of authentication for a critical function, allowing attackers to upload arbitrary files.
The vulnerability in GitLab, the Git-based software platform for collaborative code development, is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to upload arbitrary files by sending a specially crafted request...
The vulnerability of the IBM Storage Protect (formerly IBM Spectrum Protect) software platform’s server allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the IBM Storage Protect (formerly IBM Spectrum Protect) software platform’s server lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of the Broker VM platform’s security system, Cortex XDR, arises from the lack of authentication for a critical function. This allows attackers to bypass the authentication process and disable certain internal services.
The vulnerability of the Broker VM platform’s security platform, Cortex XDR, is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and disable certain internal services...
The vulnerability of the webapi component of Synology Drive Server, cloud software for file storage, synchronization, and sharing, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the webapi component of Synology Drive Server, cloud software for file storage, synchronization, and sharing, is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...
The vulnerability of Microsoft HPC Pack, a high-performance computing tool, arises from the lack of authentication for a critical function. This allows a malicious actor to execute arbitrary code.
The vulnerability of Microsoft HPC Pack, a high-performance computing solution, is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
The vulnerability of Microsoft Bing’s search system, related to the lack of authentication for a critical function, allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Bing’s search system is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the InnoDB component of the MySQL Database Server allows an attacker to gain read, modify, or delete access to data, or to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to data, or cause service interruptions...
The vulnerability of the visualization and industrial process management system mySCADA myPRO Runtime and the mySCADA myPRO Manager lies in the lack of authentication for a critical function, allowing attackers to bypass the authentication process.
The vulnerability of the industrial process visualization and control systems mySCADA myPRO and mySCADA myPRO Manager lies in the lack of authentication for a critical function used in the operating system’s command interface. Exploiting this vulnerability could allow an attacker to bypass the...
D-Link G416 Authentication Vulnerability
D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025, which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. The D-Link G416 suffers from an authentication vulnerability that stems from a lack of authentication in the httpd...
PT-2024-5126 · Unknown · Cpci85 Central Processing/Communication +1
Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40; SICORE Base system versions prior to V1.4.0. Description: A vulnerability has been identified that allows a remote authenticated user or an unauthenticated user with physical acce...
The vulnerability of the Jupyter Server Proxy software, a tool for launching and proxying web applications, stems from the lack of authentication for a critical function. This allows attackers to execute arbitrary code.
The vulnerability of the Jupyter Server Proxy software for launching and proxying web applications is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the SAP AS NetWeaver JAVA software for creating and deploying web applications lies in the lack of authentication for a critical function, allowing attackers to modify the state of existing services.
The vulnerability of the SAP AS NetWeaver JAVA software for creating and deploying web applications is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify the state of existing services...
The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 allows an intruder to execute arbitrary code.
The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the OPC UA Quick Client software for industrial automation by Inductive Automation Ignition allows a perpetrator to execute arbitrary code.
The vulnerability of the OPC UA Quick Client software for industrial automation by Inductive Automation Ignition lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of the IGSSupdateservice.exe executable of the Interactive Graphical SCADA System allows an intruder to execute arbitrary code.
The vulnerability of the IGSSupdateservice.exe executable of the Interactive Graphical SCADA System IGSS update service is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading the malicious update file...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of authentication for a critical function, allowing attackers to write arbitrary files into the file system.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to write arbitrary files to the file system...
The vulnerability of the executable file Veeam.Backup.Service.exe allows a hacker to gain unauthorized access to systems that use Veeam Backup & Replication for cloud, virtual, and physical systems protection.
The vulnerability of the Veeam.Backup.Service.exe executable, a component of the Veeam Backup & Replication solution, involves a lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the system...