2881 matches found
CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599
CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...
CVE-2026-10243
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...
EUVD-2026-33608
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...
CVE-2026-10243
CVE-2026-10243 affects code-projects Smart Parking System 1.0, specifically an Admin Endpoint function with missing authentication leading to remote abuse. Public exploit disclosed; multiple endpoints are affected. The connected documents confirm vulnerability presence and exposure but do not pro...
CVE-2026-10243
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...
CVE-2026-10243 code-projects Smart Parking System Admin Endpoint missing authentication
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...
CVE-2026-10243 code-projects Smart Parking System Admin Endpoint missing authentication
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
on kali linux - terminal 1...
PT-2026-45504
A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...
PT-2026-45352
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...
PT-2026-45397
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
PT-2026-45502
A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
usage: exploit.py -h --lhost LHOST --lport LPOR...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
CVE-2026-23744 — MCPJam Inspector Unauthenticated RCE !Pytho...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
CVE-2026-23744 !Image althttps...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
No d...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
No d...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/user-collection/create-first-user endpoint, which remains publicly accessible after initial setup. An attacker can obtain bcrypt password hashes of all administrator accounts and...
CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions
Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...