2927 matches found
CVE-2026-7113 NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...
CVE-2026-7042 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
EUVD-2026-25719
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-7042
The CVE concerns 666ghj MiroFish REST API Endpoint (up to version 0.1.2). The flaw is in the create_app function located at backend/app/__init__.py, described as missing authentication. This can enable remote abuse, with a published exploit mentioned in the description. No remediation or patch detai...
Exploit for Missing Authentication for Critical Function in Coreweave Marimo
CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted...
CVE-2026-40620
SenseLive X3050 is affected by a network‑accessible vulnerability in its embedded management service that permits full administrative control without authentication or authorization. The issue enables any reachable host using a vendor or compatible client to modify critical configuration paramete...
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the options/set endpoint. An attacker can set rc.NoAuth=true and override default AuthRequired: true which can lead to unauthorized access to sensitive administrative functionality,...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...
Rclone Operating System Command Injection Vulnerability
Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports synchronization with various cloud storages, including Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud...
CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...