2891 matches found
Missing Authentication for Critical Function
Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the fetchModule method exposed through the WebSocket interface when the server is explicitly exposed to the network and...
EUVD-2026-19188
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
Missing Authentication for Critical Function
Overview gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the HTTP REST API Endpoint and the WebSocket interface without any form of...
CVE-2026-5632
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
CVE-2026-5632
CVE-2026-5632 concerns assafelovic gpt-researcher (versions up to 3.4.3) where the HTTP REST API Endpoint has a missing authentication issue in a manipulated request. The vulnerability is remote, with PROOF-OF-CONCEPT exploitation and a CVSS base score in the MEDIUM-HIGH range across CVSS version...
CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...
CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...
CVE-2026-5616
JeecgBoot 3.9.0/3.9.1 contains a vulnerability in the AI Chat Module, specifically an unknown function within JeecgBizToolsProvider.java under jeecg-system-biz. This manipulation results in missing authentication and can be triggered remotely. A patch is identified by the hash b7c9aeba7aefda9e008...
EUVD-2026-19128
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...
PT-2026-30571
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
PT-2026-30560
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...
CVE-2026-4272
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...
CVE-2026-4272
CVE-2026-4272 concerns a Missing Authentication for Critical Function in Honeywell Handheld Scanners. Affected are certain Handheld Scanner bases (C1, D1, A1/B1) with specific firmware/builds; vulnerable component Scope includes Ingenic x1000/x1600/IMX25 bases before listed GK/HE/BK firmware IDs....
Missing Authentication for Critical Function
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the check.ffmpeg.json.php endpoint, which lacks access control checks. An attacker can obtain information about th...
CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
CVE-2026-34952
CVE-2026-34952 / GHSA-CFH6-VR3J-QC3G : The PraisonAI Gateway server has missing authentication on its WebSocket interface. The gateway serves agent topology at /info and accepts WebSocket connections at /ws without validating credentials, allowing any network client to enumerate registered agents...
Missing Authentication for Critical Function
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the PUT /signalk/v1/api/sourcePriorities endpoint, which lacks authentication and directly assigns user input to...
CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...