Missing Authentication for Critical Function

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the omission of the rootapikey configuration. An attacker can gain unauthorized ROOT-level access by sending requests to protected...

CVE-2026-27846

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...

CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-27028

CVE-2026-27028 affects WebSocket endpoints used by OCPP implementations. The issue is lack of authentication, allowing unauthenticated attackers to connect with a charging station identifier and impersonate a charger, issue or receive OCPP commands, and potentially escalate privileges, take unaut...

CVE-2026-27772 EV Energy ev.energy Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

Chargemap 访问控制错误漏洞

Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a access control vulnerability, which stems from the lack of an appropriate authentication mechanism. This vulnerability may allow unauthorized sites to simulate operations, escalate...

CVE-2026-24731

CVE-2026-24731 affects EV2GO EV2GO ev2go.io: WebSocket endpoints lack authentication, allowing unauthenticated charging stations to impersonate a station and issue/receive OCPP commands to the backend. Root cause: missing authentication at the OCPP WebSocket endpoint enabling privilege escalation...

CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-25851

The CVE-2026-25851 entries describe a vulnerability where WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications lack authentication. The underlying issue allows an unauthenticated attacker to connect to the OCPP WebSocket endpoint (e.g., with a known or discovered charging...

CVE-2026-2624

Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall NGFW allows Authentication Bypass.This issue affects Antikor Next Generation Firewall NGFW: from v.2.0.1298 before v.2.0.1301...

Missing Authentication for Critical Function

Overview parse-dashboard is a The Parse Dashboard for Parse Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the agent endpoint. An attacker can perform arbitrary database operations against any connected server instance by sending...

EUVD-2026-8648

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVE-2026-3194 Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVE-2026-27846

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...

CVE-2026-27847 Missing authentication in Linksys MR9600, Linksys MX4200

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...

CVE-2026-27846

The CVE-2026-27846 entry involves missing authentication that allows a user with physical access to a Linksys MR9600 (firmware 1.0.4.205530) or MX4200 (firmware 1.0.13.210200) to misuse the mesh functionality and potentially access sensitive information, including the admin web interface password...

CVE-2026-27846 Missing authentication in Linksys MR9600, Linksys MX4200

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...

CVE-2026-2624

Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall NGFW allows Authentication Bypass. This issue affects Antikor Next Generation Firewall NGFW: from v.2.0.1298 before v.2.0.1301...

CVE-2026-2624

Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall NGFW allows Authentication Bypass. This issue affects Antikor Next Generation Firewall NGFW: from v.2.0.1298 before v.2.0.1301...