2927 matches found
CVE-2026-28767
CVE-2026-28767 affects Gardyn Cloud API: the administrative endpoint /api/admin/notifications is accessible without authentication. This allows information disclosure of internal administrative communications and related data. The documented remediation is to require admin authentication on all /...
CVE-2026-32646
CVE-2026-32646 concerns the Gardyn Cloud API where administrative endpoints (e.g., /api/admin/) lack proper authentication, exposing device management and internal admin communications. Multiple connected sources (Red Hat, CVE/CVE list, Circle, CVE writeups, and PT-2026-30214) corroborate a patte...
CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions...
Missing Authentication for Critical Function
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI endpoints under /ajax-api/3.0/jobs/ when the basic-auth app is enabled. An attacker can gain unauthorized access to submit, read, search, and cancel jobs by sending network...
CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow
In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...
EUVD-2026-18560
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
CVE-2026-35053
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...
Exploit for CVE-2026-28767
CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...
Azure MCP Server Information Disclosure Vulnerability
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
EUVD-2026-18120
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...
Missing Authentication for Critical Function
Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /api/vanna/v2/chatpoll, /api/vanna/v2/chatsse, and /api/vanna/v2/chatwebsocket endpoints. An attacker can gain unauthorized access...
CVE-2026-5320 vanna-ai vanna Chat API Endpoint v2 missing authentication
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...
CVE-2026-5320 vanna-ai vanna Chat API Endpoint v2 missing authentication
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...
CVE-2026-5320
CVE-2026-5320 affects vanna-ai vanna up to 2.0.2. The vulnerability resides in an unknown functionality of the file /api/vanna/v2/ (Chat API Endpoint), where manipulation leads to missing authentication and allows remote exploitation. Public exploit available; vendor status unknown. Affected pack...
PT-2026-29904
Name of the Vulnerable Software and Affected Versions Azure Web Apps affected versions not specified Description An issue exists in Azure MCP Server where missing authentication for a critical function allows an unauthorized attacker to disclose information over a network. Recommendations At the...
PraisonAI Has Missing Authentication in WebSocket Gateway
Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...
Missing Authentication for Critical Function
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...