18 matches found
Nhost Security Vulnerability
Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 1.41.0 contained security vulnerabilities. These vulnerabilities stemmed from the Nhost CLI MCP server, which, when explicitly configured to listen on network ports, did not apply inbound authenticatio...
CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and many API routes do not check authentication. This issue has been patched in version 0.1.7...
CVE-2025-12476
Resource Lacking AuthN. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
Nuxt Security Vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 1.3.9 that stems from a lack of authentication and vulnerability to path traversal attacks...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of authentication for a critical function, allowing attackers to trigger a service failure.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...
WordPress plugin JetElements For Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
The vulnerability of the SocketService module in the software for managing power sources of Voltronic Power ViewPower Pro allows an intruder to trigger a service failure.
The vulnerability of the SocketService module in the software for managing power sources of Voltronic Power ViewPower Pro is related to the lack of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause a service failure through a specially craft...
PT-2023-23118 · Unitreerobotics +1 · A1 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to a lack of authentication, allowing an unauthenticated local user to access cameras through the web server without any form of authentication. Recommendations...
The configuration interface vulnerability of the Hitron CODA-5310 cable switch allows a perpetrator to execute arbitrary commands or cause service failures.
The vulnerability of the Hitron CODA-5310 cable gateway configuration interface is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or cause service failures...
The vulnerability of the SAP Diagnostic Agent lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to compromise confidentiality, integrity, and accessibility of data.
The vulnerability of the SAP Diagnostic Agent relates to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to compromise confidentiality, integrity, and accessibility...
SAP Diagnostics Agent Access Control Error Vulnerability
SAP Diagnostics Agent is a system diagnostics agent program from SAP, Germany. An access control error vulnerability exists in SAP Diagnostics Agent version 720, which stems from a lack of authentication and insufficient input validation...
PT-2021-21095 · Digi · Digi Realport
Name of the Vulnerable Software and Affected Versions: Digi RealPort versions through 4.8.488.0 Description: The issue concerns the 'encrypted' mode of Digi RealPort, which is susceptible to man-in-the-middle attacks due to a lack of authentication. Recommendations: For versions through 4.8.488.0...
The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.
The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...
Rock RMS Security Vulnerability
Rock RMS is a church management system. Versions of Rock RMS prior to 8.6 have a security vulnerability. An attacker could easily take over an account by tampering with the user id parameter in the profile update. Due to the lack of authentication and the use of consecutive user ids, any user can...
The vulnerability of the Modbus terminal protocol implementation in the EKRA 200 microprocessor series allows a hacker to execute any Modbus command and alter the controller’s configuration, including modifying the control program and executing arbitrary code.
The vulnerability of the Modbus microprogramming software for ECUs exists due to the lack of authentication for any Modbus protocol commands. Exploiting this vulnerability allows a malicious actor to execute any Modbus command remotely and alter the controller’s configuration, including modifying...
The vulnerability of the CAMS for HIS distributed control systems’ emergency message and event management component allows an intruder to interact with the server without authorization.
The vulnerability of the CAMS for HIS distributed control systems’ emergency message and event management component is related to the lack of authentication during interactions via a specialized protocol. Exploiting this vulnerability allows an attacker to perform unauthorized interactions with t...
PT-2017-19223 · Sma Solar Technology · Sunny Tripower +3
Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products affected versions not specified Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30 Description: The SMAdata2+ communication protocol in SMA Solar Technology products does not properly us...
DEBIAN-CVE-2012-6578
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics...