PT-2026-45502

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

usage: exploit.py -h --lhost LHOST --lport LPOR...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 — MCPJam Inspector Unauthenticated RCE !Pytho...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 !Image althttps...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

No d...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

No d...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/user-collection/create-first-user endpoint, which remains publicly accessible after initial setup. An attacker can obtain bcrypt password hashes of all administrator accounts and...

CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

CVE-2026-8364

Affected software: Gladinet Triofox Cloud Server Agent (GladServerAgentService.exe). Vulnerability behavior: listens on TCP port 7878 and processes remote HTTP messages with URL paths /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. Impact: CVSS 3.1 base score 9.8; con...

CVE-2026-42083

CVE-2026-42083 affects free5GC PCF Npcf_SMPolicyControl where missing router authorization middleware in the smPolicyGroup allowed unauthenticated access to SM policy endpoints (e.g., POST /npcf-smpolicycontrol/v1/sm-policies, GET /sm-policies/{id}, POST /sm-policies/{id}/update, POST /sm-policie...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 — WHM/cPanel Exploit Tool Linux ⚠️ DISCL...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/Bearer-token authorization when the NEF module mounted the 3gpp-traffic-influence...

PT-2026-44148

Summary Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...

EUVD-2026-31583

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

CVE-2026-9371

CVE-2026-9371 affects ItzCrazyKns Vane up to 1.12.1, specifically the API route.ts functionality where a missing authentication check exists. The vulnerability arises from missing authentication in that component, enabling remote manipulation. The issue is described as having a high attack comple...

CVE-2026-9371 ItzCrazyKns Vane API route.ts missing authentication

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

CVE-2026-9371

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

Remote Code Execution (RCE)

9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...

EUVD-2026-31347

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...