2910 matches found
Missing Authentication for Critical Function
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the request handler in modules/utenti/actions.php. An attacker can grant themselves or...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
No d...
PT-2026-22743
Name of the Vulnerable Software and Affected Versions iBoysoft NTFS for Mac version 8.0.0 Description iBoysoft NTFS for Mac contains a local privilege escalation issue in its privileged helper daemon, ntfshelperd. The daemon exposes an NSConnection service that operates with root privileges witho...
CVE-2026-2844
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2026-28408
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...
EUVD-2026-9101
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2026-2844
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2026-2844
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2026-2844
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2026-2844 TimePictra Authentication Bypass Vulnerability
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
PT-2026-22466
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2026-28408
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...
CVE-2026-28408 WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...
CVE-2026-28408
WeGIA web manager vulnerability in file adicionar_tipo_docs_atendido.php : before version 3.6.5, the script bypassed the central controller and lacked authentication/permission checks, allowing external actors to access employee-only features and inject unauthorized data into storage. No exploita...
Missing Authentication for Critical Function
Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the omission of the rootapikey configuration. An attacker can gain unauthorized ROOT-level access by sending requests to protected...
CVE-2026-27846
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...
CVE-2026-27028
CVE-2026-27028 affects WebSocket endpoints used by OCPP implementations. The issue is lack of authentication, allowing unauthenticated attackers to connect with a charging station identifier and impersonate a charger, issue or receive OCPP commands, and potentially escalate privileges, take unaut...
CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772 EV Energy ev.energy Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
Chargemap 访问控制错误漏洞
Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a access control vulnerability, which stems from the lack of an appropriate authentication mechanism. This vulnerability may allow unauthorized sites to simulate operations, escalate...