2936 matches found
Missing Authentication for Critical Function
Overview frosh/adminer-platform is an Adminer for Shopware Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Adminer route configuration, which does not enforce session validation. An attacker can gain unauthorized access to sensitive...
CVE-2026-2234
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
CVE-2026-2234 HGiga|C&Cm@il - Missing Authentication
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
CVE-2026-2234 HGiga|C&Cm@il - Missing Authentication
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
CVE-2026-2234
CVE-2026-2234 concerns the C&Cm@il product developed by HGiga, described as a Missing Authentication vulnerability that allows unauthenticated remote attackers to read and modify any user’s mail content. The available entries consistently state a network-accessible flaw with no authentication req...
PT-2026-7077
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
CVE-2026-2165
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...
EUVD-2026-5784
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...
CVE-2026-2165 detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the registrar's TLS context being configured with ssl.CERTOPTIONAL instead of requiring clien...
CVE-2026-2065 Flycatcher Toys smART Pixelator Bluetooth Low Energy missing authentication
A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. T...
EUVD-2026-5594
A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. T...
CVE-2026-2065
The CVE-2026-2065 entry concerns Flycatcher Toys smART Pixelator 2.0, specifically the Bluetooth Low Energy Interface. The connected documents provide concrete details: a manipulation of the BLE interface leads to missing authentication, the attack is executable from the local network, and exploi...
CVE-2025-10753
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' opti...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11953link is external React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423link is external SmarterTools SmarterMail Missing...