515 matches found
ZLAN5143D 访问控制错误漏洞
ZLAN5143D is a serial port server from the Chinese company ZLAN. ZLAN5143D has an access control vulnerability, which stems from an inability to enforce authentication properly. This vulnerability allows attackers to directly access internal URLs...
CVE-2026-2165
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...
CVE-2020-37143
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successfu...
Unspecified Vulnerability in Delta Electronics DIAView
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
CVE-2025-55292
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...
CVE-2026-24127
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting XSS exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when...
CVE-2026-24127
CVE-2026-24127 pertains to Typemill, a flat-file CMS. A reflected XSS vulnerability exists in the login error view template login.twig affecting versions 2.19.1 and earlier, where the username value is echoed back without proper contextual encoding during failed authentication. This could allow a...
CVE-2026-24127 Typemill has Reflected XSS via login error view template
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting XSS exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when...
CVE-2025-53968
CVE-2025-53968 involves unlimited authentication attempts allowing DoS and brute-force access. Connected sources describe an unauthenticated WebSocket endpoint and potential multiple concurrent connections using the same charging station ID, enabling DoS or data/session inconsistencies. Remediati...
Delta Electronics DIAView 安全漏洞
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
CVE-2025-66005
InputPlumber’s InputManager D‑Bus interface lacks authorization in versions before v0.63.0, allowing local impact in the active user session: Denial‑of‑Service, information disclosure, or privilege escalation. Affected component: InputPlumber (InputManager D‑Bus). Root cause: missing authorizatio...
CVE-2018-14705
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these...
CVE-2021-27569
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic...
CVE-2021-33658
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
Missing Authentication for Critical Function
Overview wolfssl is a Python module that encapsulates wolfSSL's C SSL/TLS library. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper enforcement of client certificate requirements in the CERTREQUIRED process. An attacker can gain...
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
CVE-2025-69413
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
PT-2026-1000
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.2 Description Gitea versions before 1.25.2 are affected by an issue where the /api/v1/user endpoint provides differing responses for authentication failures based on the existence of a username. Specifically, the...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 11.1.0 and prior to 11.1.x, 11.0.5 and prior to 11.0.x, 10.12.3 and prior to 10.12.x, and 10.11.7 and prior to 10.11.x, which stems from a failure...