GHSA-FJ4G-2P96-Q6M3 Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

PT-2026-37081

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list files/retrieve file/retrieve file content/delete file of the file libs/chatchat-server/chatchat/server/api server/openai routes.py of the component Compatible File...

📄 JUNG Smart Visu Server 1.1.1050 Denial of Service

JUNG Smart Visu Server version 1.1.1050 suffers from a denial of service vulnerability. Exploit Title: JUNG Smart Visu Server 1.1.1050- Dos CVE: CVE-2026-26235 Date: 2026-02-12 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Author GitHub:...

PT-2026-37283

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3 Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...

Missing Authentication for Critical Function

Overview github.com/0xJacky/Nginx-UI/api/system is a yet another Nginx Web UI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/install endpoint during the initial setup process. An attacker can gain unauthorized administrative access by...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/install endpoint during the initial setup process. An attacker can gain unauthorized administrative access by sending a crafted installation request before the legitimate operator...

Missing Authentication for Critical Function

Overview arelle-release is an An open source XBRL platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the plugins parameter in the /rest/configure endpoint, which is processed without authentication or authorization. An attacker can execu...

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 cPanel & WHM Verification Tool This repository...

Missing Authentication for Critical Function

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Missing...

CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

CVE-2026-7723

Technical details about CVE-2026-7723 are not publicly available in the provided documents. Monitor for official updates and patches; upgrading to 3.6.14 is mentioned in the description as a fix.

EUVD-2026-26877

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7714

CVE-2026-7714 affects crocodilestick Calibre-Web-Automated (up to version 4.0.6). The vulnerability lies in the Admin Endpoint’s cps/cwa_functions.py, where authentication is missing, enabling a remote attacker to potentially exploit it. Exploit details have been published, and the project was in...

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...