2997 matches found
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
CyberPower - Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...
CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...
EUVD-2026-42624
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...
CVE-2026-31983
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...
CVE-2026-31983
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...
EUVD-2026-42533
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...
CVE-2026-31983
CVE-2026-31983 describes a missing authentication vulnerability in the SSH keys synchronization endpoint. An unauthenticated attacker can query the SSH keys sync endpoint and obtain the list of users who uploaded public SSH keys, their groups, and the uploaded keys. Reported impacts include expos...
CVE-2026-59804
Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...
EUVD-2026-42373
Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...
CVE-2026-13019 Missing Authentication
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...
CVE-2026-13019
Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...
Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0
Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...
CVE-2026-53913
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...
PT-2026-55908
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper authentication and a failure to fail securely in the Apache Camel Keycloak component allow unauthenticated access to protected routes...
CVE-2026-14622
CVE-2026-14622 affects the restaurant-website-php-mysql project (up to commit 521428b5b612449df0cf4a5d15ee40cba67f3d35). The vulnerability is in the /admin/ajax_files component of the AJAX Endpoint, whereby input manipulation leads to missing authentication. It is exploitable remotely, with a pub...
EUVD-2026-41661
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...
CVE-2026-4767
Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
CVE-2026-4767
Technical details (affected product/version, root cause, impact, or remediation) are not publicly provided in the supplied documents. Monitor for updates.
EUVD-2026-41371
Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...