CVE-2026-6663

CVE-2026-6663 affects the WordPress GWD Connect plugin (versions up to and including 2.9). The vulnerability arises from missing authorization on standalone agent endpoints (gwd-backup.php and gwd-logs.php) when the API key is not configured (default state). This allows unauthenticated attackers,...

Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)

Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Use of Hard-coded Cryptographic Key in creating backup of configuration files CWE-321 - CVE-2026-25107 OS command injection in processing of pingipaddr parameter...

CVE-2026-34263 Missing authentication check in SAP Commerce cloud configuration

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-31244

The CVE-2026-31244 entry concerns the mem0 1.0.0 server, where the memory deletion API (DELETE /memories/{memory_id}) lacks authentication/authorization. This allows unauthenticated remote deletion of memory records, enabling unauthorized data loss and potential denial of service. Severity is CVS...

AMD Device Management Portal Key Download

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62619| Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to...

CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

CVE-2026-8185 UGREEN CM933 Administrative missing authentication

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

EUVD-2026-28909

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

CVE-2026-8185 UGREEN CM933 Administrative missing authentication

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

CVE-2026-8185

The CVE primarily affects UGREEN CM933 1.1.59.4319, where an unknown function in the Administrative Interface allows missing authentication. This vulnerability requires local-network proximity (attack vector Adjacent) and exposes confidentiality, integrity, and availability at Low impact per the ...

PT-2026-39331

Name of the Vulnerable Software and Affected Versions UGREEN CM933 version 1.1.59.4319 Description An authentication bypass exists in the Administrative Interface of the device. This issue allows an attacker located on the local network to bypass authentication mechanisms due to a flaw in an...

free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

Summary free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab...

Missing Authentication for Critical Function

Overview gmaps-mcp is a MCP server for Google Maps — places search, directions, geocoding. Works with Claude Desktop, Cursor, Claude Code. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the HTTP authentication process. An attacker can make...

Missing Authentication for Critical Function

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

📄 WordPress Chart 3.5.9 Missing Authentication

The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter without any nonce or capability checks...