2911 matches found
Chargemap 访问控制错误漏洞
Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a access control vulnerability, which stems from the lack of an appropriate authentication mechanism. This vulnerability may allow unauthorized sites to simulate operations, escalate...
CVE-2026-24731
CVE-2026-24731 affects EV2GO EV2GO ev2go.io: WebSocket endpoints lack authentication, allowing unauthenticated charging stations to impersonate a station and issue/receive OCPP commands to the backend. Root cause: missing authentication at the OCPP WebSocket endpoint enabling privilege escalation...
CVE-2026-25851
The CVE-2026-25851 entries describe a vulnerability where WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications lack authentication. The underlying issue allows an unauthenticated attacker to connect to the OCPP WebSocket endpoint (e.g., with a known or discovered charging...
CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-2624
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall NGFW allows Authentication Bypass.This issue affects Antikor Next Generation Firewall NGFW: from v.2.0.1298 before v.2.0.1301...
Missing Authentication for Critical Function
Overview parse-dashboard is a The Parse Dashboard for Parse Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the agent endpoint. An attacker can perform arbitrary database operations against any connected server instance by sending...
EUVD-2026-8648
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...
CVE-2026-3194
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...
CVE-2026-3194 Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...
CVE-2026-27846
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...
CVE-2026-27847 Missing authentication in Linksys MR9600, Linksys MX4200
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...
CVE-2026-27846 Missing authentication in Linksys MR9600, Linksys MX4200
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...
CVE-2026-27846
The CVE-2026-27846 entry affects Linksys MR9600 (firmware 1.0.4.205530) and MX4200 (firmware 1.0.13.210200). The root cause is missing authentication enabling a physically proximate user to misuse the mesh functionality to add a new mesh device, leading to exposure of sensitive data such as the a...
CVE-2026-2624
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall NGFW allows Authentication Bypass. This issue affects Antikor Next Generation Firewall NGFW: from v.2.0.1298 before v.2.0.1301...
CVE-2026-2624
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall NGFW allows Authentication Bypass. This issue affects Antikor Next Generation Firewall NGFW: from v.2.0.1298 before v.2.0.1301...
PT-2026-21925
Name of the Vulnerable Software and Affected Versions Linksys MR9600 version 1.0.4.205530 Linksys MX4200 version 1.0.13.210200 Description A lack of proper authentication allows a user with physical access to the device to misuse the mesh functionality. This can lead to gaining access to sensitiv...
PT-2026-21969
Name of the Vulnerable Software and Affected Versions Chia Blockchain version 2.1.0 Description A security issue exists in Chia Blockchain version 2.1.0 related to missing authentication within the RPC Server Master Passphrase Handler component. Specifically, the send transaction/get private key...
PT-2026-21902
Name of the Vulnerable Software and Affected Versions ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall NGFW versions prior to 2.0.1301 Description A missing authentication check for a critical function in the Antikor Next Generation Firewall NGFW allows an attacker to bypas...
Missing Authentication for Critical Function
Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SimpleFIN and PluggyAI integration endpoints. An attacker can access sensitive bank account balances and transaction information by...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
CVE-2025-32433 python ErlangSSHRCE.py...