CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

CVE-2026-50512

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

EUVD-2026-35771

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

MCPJam Inspector Authorized Security Validator A bounded proo...

PT-2026-48151

Name of the Vulnerable Software and Affected Versions Microsoft PC Manager affected versions not specified Description Improper link resolution before file access and missing authentication for a critical function allow an authorized attacker to elevate privileges locally. Recommendations At the...

CVE-2025-62619

Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality...

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

CVE-2026-7723

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

CVE-2026-32962

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication...

CVE-2026-6588

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function downloadmodel/deletemodel of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

CVE-2026-6375

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-8602

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVE-2026-45327

TinyIce (Go) versions 0.8.95–2.4.1 expose a missing authentication on the WebRTC ingest endpoint POST /webrtc/source-offer?mount=, enabling unauthenticated stream injection. The issue is fixed in v2.5.0 by requiring either HTTP Basic auth or a ?password= query parameter, verifying the supplied pa...

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

EUVD-2026-34793

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...