Lucene search

869 matches found

Cvelist
added 2026/06/17 5:19 p.m. | 30 views

CVE-2026-2675 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6 CVSS | 0.00268 EPSS
Exploits 0 | References 1
EUVD
added 2026/06/17 2:42 p.m. | 8 views

EUVD-2026-37733

Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...

8.8 CVSS | 5.5 AI score | 0.00334 EPSS
Exploits 0 | References 1
Cvelist
added 2026/06/17 2:42 p.m. | 32 views

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

8.8 CVSS | 0.00334 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/06/17 2:42 p.m. | 4 views

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/06/17 2:42 p.m. | 4 views

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits 0 | References 1
CVE
added 2026/06/17 2:42 p.m. | 25 views

CVE-2026-35065

Technical details about CVE-2026-35065 are not publicly provided in the connected documents. Monitor official Dell PowerFlex advisories and CVE/NVD entries for updated impact, affected versions, and fixes.

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/06/17 12:0 a.m. | 14 views

PT-2026-50433

Name of the Vulnerable Software and Affected Versions: Dell PowerFlex Manager, affected versions not specified. Description: A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits 0 | References 4
CVE
added 2026/06/12 6:44 p.m. | 33 views

CVE-2026-50287

AgenticMail MCP HTTP mode (via --http or MCP_HTTP=1) exposed the /mcp endpoint without HTTP authentication, enabling an unauthenticated remote client to initialize a session and call master-key tools. Affected component: @agenticmail/mcp; impact includes potential exposure of administrative/gatew...

8.7 CVSS | 5.3 AI score | 0.00359 EPSS
Exploits 0 | References 1
Cvelist
added 2026/06/12 6:44 p.m. | 35 views

CVE-2026-50287 Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7 CVSS | 0.00359 EPSS
Exploits 0 | References 1
NVD
added 2026/06/12 4:16 p.m. | 14 views

CVE-2026-50086

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trips against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10 CVSS | 0.00222 EPSS
Exploits 0 | References 2
EUVD
added 2026/06/12 3:1 p.m. | 8 views

EUVD-2026-36476

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trips against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10 CVSS | 5.2 AI score | 0.00222 EPSS
Exploits 0 | References 2
CVE
added 2026/06/12 3:1 p.m. | 23 views

CVE-2026-50085

The CVE-2026-50085 entry concerns the Aqara Board IoT service (op-test.aqara.com). It accepts arbitrary MQTT command payloads and forwards them to the HiveMQ broker without authentication (CWE-306: Missing Authentication for Critical Function). CVSS v3.1 base score 8.6 (High): Network access, no ...

8.6 CVSS | 5.6 AI score | 0.00278 EPSS
Exploits 0 | References 2
Cvelist
added 2026/06/12 3:0 p.m. | 28 views

CVE-2026-50082 Aqara Developer Portal insecure authentication token

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5 CVSS | 0.00219 EPSS
Exploits 0 | References 2
Snyk
added 2026/06/12 4:5 a.m. | 5 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper authentication checks in the OAuth implementation. An attacker can gain unauthorized access by exploiting the lack of proper validation, even when OAuth is not configured or...

9.8 CVSS | 7.3 AI score | 0.00662 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/06/12 12:0 a.m. | 13 views

PT-2026-48910

Name of the Vulnerable Software and Affected Versions: Aqara IAM/SSO gateway, affected versions not specified. Description: The IAM/SSO gateway at 'gw-builder.aqara.com' exposes an unauthenticated AES oracle, allowing bidirectional AES round-trips against the platform's signing key. This occurs due t...

10 CVSS | 5.3 AI score | 0.00222 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/06/12 12:0 a.m. | 13 views

PT-2026-48906

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5 CVSS | 5.4 AI score | 0.00219 EPSS
Exploits 0 | References 3
CISA KEV Catalog
added 2026/06/12 12:0 a.m. | 5 views

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools...

9.8 CVSS | 5.3 AI score | 0.9233 EPSS
In wild | Exploits 3
Cvelist
added 2026/06/11 7:48 p.m. | 33 views

CVE-2026-50245 Brickcom Cameras Missing Authentication for Critical Function

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed...

8.3 CVSS | 0.00156 EPSS
Exploits 0 | References 3
NVD
added 2026/06/09 6:17 p.m. | 9 views

CVE-2026-50512

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 0.00257 EPSS
Exploits 0 | References 1
EUVD
added 2026/06/09 5:36 p.m. | 12 views

EUVD-2026-35771

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 5.4 AI score | 0.00257 EPSS
Exploits 0 | References 1