PT-2026-21925

Name of the Vulnerable Software and Affected Versions Linksys MR9600 version 1.0.4.205530 Linksys MX4200 version 1.0.13.210200 Description A lack of proper authentication allows a user with physical access to the device to misuse the mesh functionality. This can lead to gaining access to sensitiv...

PT-2026-21902

Name of the Vulnerable Software and Affected Versions ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall NGFW versions prior to 2.0.1301 Description A missing authentication check for a critical function in the Antikor Next Generation Firewall NGFW allows an attacker to bypas...

PT-2026-21969

Name of the Vulnerable Software and Affected Versions Chia Blockchain version 2.1.0 Description A security issue exists in Chia Blockchain version 2.1.0 related to missing authentication within the RPC Server Master Passphrase Handler component. Specifically, the send transaction/get private key...

Missing Authentication for Critical Function

Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SimpleFIN and PluggyAI integration endpoints. An attacker can access sensitive bank account balances and transaction information by...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 python ErlangSSHRCE.py...

CVE-2026-3053

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-3053 DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

EUVD-2026-7432

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-3053

DataLinkDC dinky OpenAPI Endpoint vulnerability (CVE-2026-3053) affects dinky up to version 1.2.5, via the addInterceptors function in dinky-admin/src/main/java/org/dinky/configure/AppConfig.java. The flaw enables remote authentication bypass due to manipulation of the OpenAPI Endpoint component....

actual 访问控制错误漏洞

Actual is a personal finance tool developed by Actual OpenSource. Versions of Actual prior to 26.2.1 contained an access control vulnerability. This vulnerability stemmed from the lack of an authentication middleware in the ActualBudget server component, which could allow unverified users to acce...

Dinky 访问控制错误漏洞

Dinky is an open-source real-time computing platform developed by DataLinkDC. Versions of Dinky 1.2.5 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from a missing authentication check in the addInterceptors function of the OpenAPI endpoint...

CVE-2025-30410

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 39870, Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938, Acronis Cyber Protect 15 Linux, macOS,...

CVE-2026-24790

Technical details about CVE-2026-24790 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

CVE-2026-26048 Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2026-26048 Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2025-30410

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 39870, Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938, Acronis Cyber Protect 15 Linux, macOS,...

CVE-2025-30410

CVE-2025-30410 involves sensitive data disclosure and data manipulation due to missing authentication. Affected products and minimum failing builds are: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before 39870; Acronis Cyber Protect 16 (Linux, macOS, Windows) before 39938; Acronis C...

CVE-2025-30410

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 39870, Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938, Acronis Cyber Protect 15 Linux, macOS,...