2891 matches found
CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
Carlson VASCO-B GNSS Receiver 访问控制错误漏洞
The Carlson VASCO-B GNSS Receiver is a high-precision satellite positioning receiving device developed by the American company Carlson. The Carlson VASCO-B GNSS Receiver has a access control vulnerability, which stems from the lack of an authentication mechanism. This vulnerability may allow...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the TlsTransportPlugin. An attacker can gain unauthorized access by establishing a TLS connection without presenting a valid client certificate, as the system assigns an anonymous princip...
CVE-2026-7113 NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...
CVE-2026-7113 NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...
CVE-2026-7042
The CVE concerns 666ghj MiroFish REST API Endpoint (up to version 0.1.2). The flaw is in the create_app function located at backend/app/init .py, described as missing authentication. This can enable remote abuse, with a published exploit mentioned in the description. No remediation or patch detai...
CVE-2026-7042 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
EUVD-2026-25719
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-7042 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
Exploit for Missing Authentication for Critical Function in Coreweave Marimo
CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-40620
SenseLive X3050 is affected by a network‑accessible vulnerability in its embedded management service that permits full administrative control without authentication or authorization. The issue enables any reachable host using a vendor or compatible client to modify critical configuration paramete...
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted...
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted...
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the options/set endpoint. An attacker can set rc.NoAuth=true and override default AuthRequired: true which can lead to unauthorized access to sensitive administrative functionality,...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the options/set endpoint. An attacker can set rc.NoAuth=true and override default AuthRequired: true which can lead to unauthorized access to sensitive administrative functionality,...