165 matches found

Cvelist
added 2026/05/29 4:58 p.m. | 30 views

CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

CVSS 8.8 | EPSS 0.00035
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/27 7:38 p.m. | 11 views

CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

CVSS 9.8 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1
Snyk
added 2026/04/16 10:47 p.m. | 5 views

Missing Authentication for Critical Function

Overview: @paperclipai/ui provides prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in several API endpoints that lack proper authentication checks. An attacker can access sensitive data, perform state-changing...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 2
Snyk
added 2026/04/16 9:52 p.m. | 6 views

Missing Authentication for Critical Function

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving...

CVSS 10 | AI score 5.5 | EPSS 0.0021
Exploits: 1 | References: 2
CNNVD
added 2026/04/14 12:0 a.m. | 7 views

Fortinet FortiOS Access Control Error Vulnerability

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and...

CVSS 8.8 | AI score 6 | EPSS 0.00052
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 9:36 p.m. | 1 views

CVE-2026-3527

A flaw was found in the Drupal AJAX Dashboard. This vulnerability stems from missing authentication for critical functions, allowing an attacker to exploit incorrectly configured access control security levels. This could lead to unauthorized access to sensitive data or functions within the...

AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 2
Snyk
added 2026/03/25 9:55 p.m. | 1 views

Missing Authentication for Critical Function

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the status.json.php and disable.json.php endpoints when the authentication key is left at its default empty value. ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00141
Exploits: 1 | References: 2
CNNVD
added 2026/03/24 12:0 a.m. | 4 views

Pharos Controls Mosaic Show Controller Access Control Error Vulnerability

Pharos Controls Mosaic Show Controller is an embedded control device developed by the British company Pharos, used for lighting control and multimedia scene orchestration. Version 2.15.3 of Pharos Controls Mosaic Show Controller contains a security vulnerability due to the lack of authentication...

CVSS 9.3 | AI score 6.1 | EPSS 0.00247
Exploits: 0 | References: 1
CNNVD
added 2026/03/13 12:0 a.m. | 3 views

ABB AWIN GW100 Access Control Error Vulnerability

The ABB AWIN GW100 is a communication gateway device produced by the Swiss company ABB. The ABB AWIN GW100 rev.2 2.0-1 and earlier versions, as well as the ABB AWIN GW120 1.2-1 and earlier versions, have a security vulnerability related to access control. This vulnerability stems from the lack of...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
CNNVD
added 2026/03/13 12:0 a.m. | 3 views

ABB AWIN GW100 and ABB AWIN GW120 Access Control Error Vulnerability

ABB AWIN GW100 and ABB AWIN GW120 are communication gateway devices produced by the Swiss company ABB. The ABB AWIN GW100 rev.2 2.0-1 and earlier versions, as well as the ABB AWIN GW120 1.2-1 and earlier versions, have a security vulnerability related to access control. This vulnerability stems...

CVSS 8.3 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 1
CNNVD
added 2026/03/10 12:0 a.m. | 3 views

TÜBİTAK BİLGEM Liderahenk Access Control Error Vulnerability

TÜBİTAK BİLGEM Liderahenk is a central management system of the Turkish company TÜBİTAK BİLGEM. Versions of TÜBİTAK BİLGEM Liderahenk prior to version 3.4.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for critical functions, which could le...

CVSS 7.5 | AI score 6.2 | EPSS 0.00304
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/06 7:45 p.m. | 4 views

CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

CVSS 9.8 | AI score 5.8 | EPSS 0.00414
Exploits: 1 | References: 1
SUSE CVE
added 2026/03/06 12:24 a.m. | 3 views

SUSE CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

CVSS 9.8 | AI score 5.8 | EPSS 0.00414
Exploits: 1 | References: 3
NVD
added 2026/03/05 4:16 p.m. | 4 views

CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

CVSS 9.8 | EPSS 0.00414
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/05 3:58 p.m. | 3 views

CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

CVSS 8.8 | AI score 5.9 | EPSS 0.00414
Exploits: 1 | References: 4
CVE
added 2026/02/19 11:30 a.m. | 8 views

CVE-2025-8350

Technical details about CVE-2025-8350 are not publicly available in the supplied documents; no concrete exploit, patch, or vendor details are provided here. Monitor for updates.

CVSS 9.8 | AI score 5.5 | EPSS 0.00058
Exploits: 0 | References: 2
CNNVD
added 2026/02/11 12:0 a.m. | 3 views

Dinosoft ERP Access Control Error Vulnerability

Dinosoft ERP is an enterprise resource planning platform developed by the Turkish company Dinosoft. Versions of Dinosoft ERP from 3.0.1 up to 11022026 contained a security vulnerability related to access control. This vulnerability stemmed from the lack of authentication for critical functions an...

CVSS 9.8 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 1
CNVD
added 2026/02/05 12:0 a.m. | 2 views

Unspecified Vulnerability in Delta Electronics DIAView

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

CVSS 9.8 | AI score 5.8 | EPSS 0.00026
Exploits: 0
Cvelist
added 2026/02/03 9:26 p.m. | 26 views

CVE-2026-1341 Missing Authentication for Critical Function in Avation Light Engine Pro

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...

CVSS 9.3 | EPSS 0.00041
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/23 12:0 a.m. | 4 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

CVSS 9.4 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 3