2910 matches found
CVE-2026-23662
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
CVE-2026-23662
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
Azure IoT Explorer Information Disclosure Vulnerability
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
CVE-2026-2339 RCE in TUBITAK BILGEM's Liderahenk
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1...
CVE-2026-2339
CVE-2026-2339 affects Liderahenk before 3.4.0 with a Missing Authentication for Critical Function vulnerability that allows Remote Code Inclusion, Privilege Abuse and Command Injection. The issue is exploitable over the network (high access complexity, user interaction required) and has high impa...
CVE-2026-2339 RCE in TUBITAK BILGEM's Liderahenk
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the REST and WebSocket endpoints due to lack of authentication enforcement. An attacker can gain unauthorized access and interact with sensitive server functionality by sending requests...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the REST and WebSocket endpoints due to lack of authentication enforcement. An attacker can gain unauthorized access and interact with sensitive server functionality by sending requests...
Linkdave Missing Authentication on REST and WebSocket endpoints
The linkdave server does not enforce authentication on its REST and WebSocket routes in versions prior to 0.1.5. Impact An attacker with network access to the server port can: - Connect to the WebSocket endpoint /ws and receive a valid sessionid in the OpReady response. - Use that session to invo...
CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
PT-2026-24208
Name of the Vulnerable Software and Affected Versions TUBITAK BILGEM Software Technologies Research Institute Liderahenk versions prior to 3.4.0 Description A missing authentication check for a critical function in Liderahenk allows for remote code inclusion, privilege abuse, and command injectio...
PT-2026-24268
Уязвимость программного обеспечения Azure IoT Explorer связана с передачей критичной информации открытым текстом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию...
CVE-2026-30824 Flowise: Missing Authentication on NVIDIA NIM Endpoints
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generati...
Missing Authentication For Critical Function
Apache ActiveMQ Artemis is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to missing authentication checks in the Core protocol federation mechanism, allowing an unauthenticated attacker to force the broker to establish an outbound connection to a rogue broke...
EUVD-2026-10093
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-25071 XikeStor SKS8310-8X switch_config.src Missing Authentication
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
GHSA-5F53-522J-J454 Flowise Missing Authentication on NVIDIA NIM Endpoints
Missing Authentication on NVIDIA NIM Endpoints Summary The NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Vulnerability Details | Field | Value |...
Missing Authentication for Critical Function
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the WHITELISTURLS configuration, which allows unauthenticated access to privileged endpoints under /api/v1/nvidia-nim/. An attacker can obtain valid NVIDIA A...
Flowise Missing Authentication on NVIDIA NIM Endpoints
Missing Authentication on NVIDIA NIM Endpoints Summary The NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Vulnerability Details | Field | Value |...
CVE-2026-30784
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...