161393 matches found
EUVD-2026-36496
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...
CVE-2026-6853
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...
CVE-2026-50086 Aqara unauthenticated AES oracle
The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...
CVE-2026-50086 Aqara unauthenticated AES oracle
The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...
CVE-2026-50086
The CVE-2026-50086 entry concerns the Aqara IAM/SSO gateway (gw-builder.aqara.com), where bidirectional AES round-trups are exposed against the platform's signing key without authentication. This is identified as CWE-306 (Missing Authentication for Critical Function) and CWE-327 (Use of a Broken ...
EUVD-2026-36476
The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...
EUVD-2026-36475
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
CVE-2026-50085 Aqara Board IoT insecure debug API
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
EUVD-2026-36472
The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...
CVE-2026-50082
The Aqara Cloud Developer Portal is affected by a Missing Authentication for Critical Function (CWE-306) vulnerability where a developer token could be issued to any email address, enabling an unauthenticated user to potentially take over devices when combined with CVE-2026-50083/84/85. The CVSS ...
CVE-2026-50082 Aqara Developer Portal insecure authentication token
The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...
CVE-2026-50082 Aqara Developer Portal insecure authentication token
The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...
CVE-2026-5792 Authentication Bypass in Hedef Media's Related Marketing Cloud (RMC)
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows Brute Force. This issue affects Related Marketing Cloud RMC: through 12052026...
EUVD-2026-36486
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows Brute Force. This issue affects Related Marketing Cloud RMC: through 12052026...
CVE-2026-5792 Authentication Bypass in Hedef Media's Related Marketing Cloud (RMC)
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows Brute Force. This issue affects Related Marketing Cloud RMC: through 12052026...
CVE-2026-5792
CVE-2026-5792 is described as an authentication bypass by spoofing vulnerability in Related Marketing Cloud (RMC) used by Hedef Media Promotion Interactive Media Marketing Inc. The issue affects RMC up to 12052026. The NVD entry provides a CVSS 3.1 base score of 6.5 (Network, Low attack complexit...
Exploit for Improper Authentication in Checkpoint Gaia_Os
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass...
CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...
CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...
EUVD-2026-36429
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...