
2911 matches found

EUVD • added 2026/03/05 6:31 p.m. • 3 views

EUVD-2026-9832

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

8.8 CVSS • 5.9 AI score • 0.00414 EPSS
Exploits 1 • References 2

Snyk • added 2026/03/05 6:26 p.m. • 4 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the InitRouter handling of /backup. An attacker can gain access to sensitive backup archives and decrypt confidential data by sending unauthenticated requests to the /api/backup endpoint,...

9.8 CVSS • 5.8 AI score • 0.07313 EPSS
Exploits 12 • References 2

OSV • added 2026/03/05 6:26 p.m. • 5 views

GHSA-G9W5-QFFC-6762 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary: The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

9.8 CVSS • 6 AI score • 0.07313 EPSS
Exploits 12 • References 6

Vulnrichment • added 2026/03/05 3:58 p.m. • 4 views

CVE-2026-30784 RustDesk hbbs/hbbr Servers Broker Connections Without Any Authorization Check

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

8.8 CVSS • 5.8 AI score • 0.00414 EPSS
Exploits 1 • References 3

ATTACKERKB • added 2026/03/05 3:58 p.m. • 3 views

CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

8.8 CVSS • 5.9 AI score • 0.00414 EPSS
Exploits 1 • References 4

CVE • added 2026/03/05 3:58 p.m. • 12 views

CVE-2026-30784

The CVE-2026-30784 issue concerns RustDesk Server (hbbs/hbbr) on all server platforms, affecting rustdesk-server and rustdesk-server-pro up to versions 1.7.5 (hbbs) and 1.1.15 (hbbr). The root cause is Missing Authorization and Missing Authentication for a Critical Function, enabling Privilege Ab...

9.8 CVSS • 5.9 AI score • 0.00414 EPSS
Exploits 1 • References 3 • Affected Software 1

ATTACKERKB • added 2026/03/05 12:0 a.m. • 5 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

6 AI score • 0.00148 EPSS
Exploits 0 • References 4

Vulnrichment • added 2026/03/05 12:0 a.m. • 4 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

5.8 AI score • 0.00148 EPSS
Exploits 0 • References 3

CVE • added 2026/03/05 12:0 a.m. • 5 views

CVE-2026-26418

CVE-2026-26418 affects Tata Consultancy Services Cognix Recon Client v3.0. The issue is missing authentication and authorization in the web API, allowing remote attackers to access application functionality without restriction over the network. The available description does not specify affected ...

7.5 CVSS • 6 AI score • 0.00148 EPSS
Exploits 0 • References 3 • Affected Software 1

Positive Technologies • added 2026/03/05 12:0 a.m. • 3 views

PT-2026-23478

Name of the Vulnerable Software and Affected Versions: Tata Consultancy Services Cognix Recon Client version 3.0. Description: A lack of proper authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 enables remote attackers to access application...

7.5 CVSS • 5.8 AI score • 0.00148 EPSS
Exploits 0 • References 7

Cvelist • added 2026/03/05 12:0 a.m. • 26 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

0.00148 EPSS
Exploits 0 • References 3

Snyk • added 2026/03/04 9:31 a.m. • 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Core protocol implementation. A malicious broker can force a broker to establish an outbound Core federation connection to it, and use it to inject or exfiltrate messages from the...

9.8 CVSS • 5.8 AI score • 0.00156 EPSS
Exploits 1 • References 2

Snyk • added 2026/03/04 9:31 a.m. • 2 views

Missing Authentication for Critical Function

Overview: org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Core protocol implementation. A malicious broker can force a broker to establish an outbound...

9.8 CVSS • 5.8 AI score • 0.00156 EPSS
Exploits 1 • References 2

OSV • added 2026/03/04 9:31 a.m. • 2 views

GHSA-FW88-PF9M-P947 Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

9.8 CVSS • 5.9 AI score • 0.00156 EPSS
Exploits 1 • References 6

NVD • added 2026/03/04 9:15 a.m. • 7 views

CVE-2026-27446

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

9.8 CVSS • 0.00156 EPSS
Exploits 1 • References 4

UbuntuCve • added 2026/03/04 9:15 a.m. • 2 views

CVE-2026-27446

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

9.8 CVSS • 7.3 AI score • 0.00156 EPSS
Exploits 1 • References 2

Snyk • added 2026/03/03 9:42 p.m. • 1 views

Missing Authentication for Critical Function

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /extension endpoint when the Chrome extension relay feature is enabled. An attacker can gain unauthorized access to extension-relay...

5.1 CVSS • 5.8 AI score
Exploits 0 • References 2

Snyk • added 2026/03/03 9:35 p.m. • 2 views

Missing Authentication for Critical Function

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the webhook process of the optional BlueBubbles plugin when password authentication is not configured for incoming webhook events. An...

6.9 CVSS • 5.8 AI score • 0.00065 EPSS
Exploits 0 • References 2

Vulnrichment • added 2026/03/03 9:21 p.m. • 20 views

CVE-2026-1775 Missing Authentication for Critical Function in Labkotec LID-3300IP

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...

8.8 CVSS • 6 AI score • 0.00029 EPSS
Exploits 0 • References 1

CVE • added 2026/03/03 9:21 p.m. • 9 views

CVE-2026-1775

The CVE-2026-1775 entry concerns Labkotec LID-3300IP ice detector software with a missing authentication for a critical function. An unauthenticated attacker can alter device parameters and execute operational commands by sending specially crafted packets to the device. According to the provided ...

8.8 CVSS • 6 AI score • 0.00029 EPSS
Exploits 0 • References 1