2910 matches found

Vulnrichment
added 2026/03/06 3:15 p.m. | 3 views

CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 2
CVE
added 2026/03/06 3:15 p.m. | 15 views

CVE-2026-26288

CVE-2026-26288 involves WebSocket/OCPP endpoints lacking authentication, enabling an unauthenticated attacker to impersonate a charging station and send/receive OCPP commands as a legitimate charger. The issue can lead to privilege escalation, unauthorized control of charging infrastructure, and ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/06 3:15 p.m. | 30 views

CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4 | EPSS 0.00175
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/06 3:5 p.m. | 2 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVSS 7.5 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 2
CVE
added 2026/03/06 3:3 p.m. | 8 views

CVE-2026-26051

CVE-2026-26051 affects WebSocket/OCPP endpoints where no authentication is required. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue or receive OCPP commands as a legitimate charger, enabling privilege escala...

CVSS 9.8 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/06 3:3 p.m. | 27 views

CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4 | EPSS 0.00187
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/06 1:34 a.m. | 4 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

CVSS 7.5 | AI score 6 | EPSS 0.00148
Exploits: 0 | References: 1
Snyk
added 2026/03/06 1:0 a.m. | 0 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the webhook process of the BlueBubbles plugin due to trusting the loopback remoteAddress without validating forwarding headers. An attacker...

CVSS 8.2 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 2
SUSE CVE
added 2026/03/06 12:24 a.m. | 3 views

SUSE CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

CVSS 9.8 | AI score 5.8 | EPSS 0.00414
Exploits: 1 | References: 3
Tenable Nessus
added 2026/03/06 12:0 a.m. | 4 views

Apache Artemis 2.11.0 < 2.45.0 / 2.50.0 < 2.52.0 Missing Authentication (CVE-2026-27446)

The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - Missing Authentication for Critical Function vulnerability. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound...

CVSS 9.8 | AI score 5.9 | EPSS 0.00156
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/06 12:0 a.m. | 4 views

PT-2026-23790

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise has an issue where the NVIDIA NIM router endpoint '/api/v1/nvidia-nim/' was incorrectly whitelisted in the global authentication middleware. This allowed unauthenticated access to sensitive...

CVSS 9.8 | AI score 5.8 | EPSS 0.21588
Exploits: 2 | References: 13
Cvelist
added 2026/03/05 11:18 p.m. | 25 views

CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4 | EPSS 0.00139
Exploits: 0 | References: 3
Cvelist
added 2026/03/05 9:59 p.m. | 25 views

CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

CVSS 8.4 | EPSS 0.00137
Exploits: 0 | References: 3
CVE
added 2026/03/05 9:59 p.m. | 8 views

CVE-2026-28485

OpenClaw has a vulnerability identified as CVE-2026-28485 affecting versions 2026.1.5 prior to 2026.2.12. The issue is that the /agent/act browser-control HTTP route does not enforce mandatory authentication, permitting unauthorized local callers to invoke privileged browser-context actions and a...

CVSS 8.4 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2026/03/05 9:59 p.m. | 3 views

org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation...

CVSS 9.8 | AI score 5.9 | EPSS 0.00156
Exploits: 1 | References: 5
EUVD
added 2026/03/05 9:30 p.m. | 4 views

EUVD-2026-9842

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

AI score 6 | EPSS 0.00148
Exploits: 0 | References: 4
Snyk
added 2026/03/05 8:53 p.m. | 1 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to improper preservation of authentication context in the RestartAction function. An attacker can gain unauthorized access to execute privileged shell actions by exploiting the...

CVSS 6.3 | AI score 5.9 | EPSS 0.00091
Exploits: 1 | References: 3
OSV
added 2026/03/05 7:16 p.m. | 2 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

CVSS 7.5 | AI score 5.9 | EPSS 0.00148
Exploits: 0 | References: 3
NVD
added 2026/03/05 7:16 p.m. | 5 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

CVSS 7.5 | EPSS 0.00148
Exploits: 0 | References: 3
EUVD
added 2026/03/05 6:31 p.m. | 3 views

EUVD-2026-9832

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

CVSS 8.8 | AI score 5.9 | EPSS 0.00414
Exploits: 1 | References: 2