2891 matches found
CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
CVE-2026-28766
CVE-2026-28766 refers to Gardyn Cloud API missing authentication for a critical function. The initial description and related documents confirm that a specific endpoint exposes all user account information for registered Gardyn users without requiring authentication, enabling potential confidenti...
CVE-2026-28767 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint notifications is accessible without proper authentication...
CVE-2026-28767
CVE-2026-28767 affects Gardyn Cloud API: the administrative endpoint /api/admin/notifications is accessible without authentication. This allows information disclosure of internal administrative communications and related data. The documented remediation is to require admin authentication on all /...
CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions...
CVE-2026-32646
CVE-2026-32646 concerns the Gardyn Cloud API where administrative endpoints (e.g., /api/admin/) lack proper authentication, exposing device management and internal admin communications. Multiple connected sources (Red Hat, CVE/CVE list, Circle, CVE writeups, and PT-2026-30214) corroborate a patte...
Missing Authentication for Critical Function
Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI endpoints under /ajax-api/3.0/jobs/ when the basic-auth app is enabled. An attacker can gain unauthorized access to submit, read, search, and cancel jobs by sending network...
CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow
In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and any j...
EUVD-2026-18560
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
CVE-2026-35053
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...
Exploit for CVE-2026-28767
CERT/CC VU653116 | CISA Advisory ICSA-26-055-03 https:/...
Azure MCP Server Information Disclosure Vulnerability
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
EUVD-2026-18120
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...
Missing Authentication for Critical Function
Overview: vanna generates SQL queries from natural language. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /api/vanna/v2/chat_poll, /api/vanna/v2/chat_sse, and /api/vanna/v2/chat_websocket endpoints. An attacker can gain unauthorized access...
CVE-2026-5320
CVE-2026-5320 affects vanna-ai vanna up to 2.0.2. The vulnerability resides in an unknown functionality of the file /api/vanna/v2/ (Chat API Endpoint), where manipulation leads to missing authentication and allows remote exploitation. Public exploit available; vendor status unknown. Affected pack...
CVE-2026-5320 vanna-ai vanna Chat API Endpoint v2 missing authentication
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...