Nhost 安全漏洞

Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 1.41.0 contained security vulnerabilities. These vulnerabilities stemmed from the Nhost CLI MCP server, which, when explicitly configured to listen on network ports, did not apply inbound authenticatio...

CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

CVE-2025-12476

Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

Nuxt 安全漏洞

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 1.3.9 that stems from a lack of authentication and vulnerability to path traversal attacks...

WordPress plugin JetElements For Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

PT-2023-23118 · Unitreerobotics +1 · A1 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to a lack of authentication, allowing an unauthenticated local user to access cameras through the web server without any form of authentication. Recommendations...

SAP Diagnostics Agent 访问控制错误漏洞

SAP Diagnostics Agent is a system diagnostics agent program from SAP, Germany. An access control error vulnerability exists in SAP Diagnostics Agent version 720, which stems from a lack of authentication and insufficient input validation...

PT-2021-21095 · Digi · Digi Realport

Name of the Vulnerable Software and Affected Versions: Digi RealPort versions through 4.8.488.0 Description: The issue concerns the 'encrypted' mode of Digi RealPort, which is susceptible to man-in-the-middle attacks due to a lack of authentication. Recommendations: For versions through 4.8.488.0...

Rock RMS Security Vulnerability

Rock RMS is a church management system. Versions of Rock RMS prior to 8.6 have a security vulnerability. An attacker could easily take over an account by tampering with the user id parameter in the profile update. Due to the lack of authentication and the use of consecutive user ids, any user can...

PT-2017-19223 · Sma Solar Technology · Sunny Tripower +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products affected versions not specified Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30 Description: The SMAdata2+ communication protocol in SMA Solar Technology products does not properly us...

DEBIAN-CVE-2012-6578

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics...