PT-2026-27478

Name of the Vulnerable Software and Affected Versions Pharos Controls Mosaic Show Controller version 2.15.3 Description A missing authentication check for a critical function allows an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. This...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 - MCPJam insp...

EUVD-2026-13718

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later...

CVE-2026-22898

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later...

CVE-2026-22898 QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later...

CVE-2026-22898 QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later...

PT-2026-26639

Name of the Vulnerable Software and Affected Versions QVR Pro versions prior to 2.7.4.14 Description QVR Pro is affected by a missing authentication check for critical functions, allowing remote attackers to gain access to the system. The issue allows attackers to bypass authentication and access...

Missing Authentication for Critical Function

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the improper validation of third-party auth provider's credentials. An...

Missing Authentication for Critical Function

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the decryptMessage.json.php endpoint, which processes user-supplied private keys, encrypted messages, and...

Missing Authentication for Critical Function

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in WordNet Browser HTTP server in default configuration. An attacker can cause the service to...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the POST /api/v1/buildpublictmp/flowid/flow endpoint when attacker-controlled flow data is supplied to the data parameter, which is then executed using exec without authentication or...

Missing Authentication for Critical Function

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the checkConfiguration.php process. An attacker can gain full administrative control and manipulate the application...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the actionLoadBucketData endpoint in DefaultController. An attacker can access sensitive information by sending unauthenticated requests with a valid CSRF token. Remediation Upgrade...

CVE-2025-13778

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVE-2025-13779

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the plugin subagent runtime dispatch gateway methods. An attacker can gain unauthorized administrative access by sending unauthenticated...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the buildStreamAuthOptions function. An attacker can access sensitive workflow execution data, configurations, logs, and queue status by sending unauthenticated requests to Server-Sent...

CVE-2025-13779

The CVE-2025-13779 entry concerns ABB AWIN GW100 rev.2 and AWIN GW120 units with a missing authentication vulnerability in a critical function. Affected revisions: GW100 rev.2 (2.0-0, 2.0-1) and GW120 (1.2-0, 1.2-1). The issue is exploitable with adjacent attack vector, low complexity, no privile...

CVE-2025-13779 Configuration Data Spill

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...