
2930 matches found

Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29904

Name of the Vulnerable Software and Affected Versions: Azure Web Apps, affected versions not specified. Description: An issue exists in Azure MCP Server where missing authentication for a critical function allows an unauthorized attacker to disclose information over a network. Recommendations: At the...

CVSS 9.1 | AI score 5.8 | EPSS 0.00827
Exploits 0 | References 14

Snyk
added 2026/04/01 11:28 p.m. | 2 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.3 | AI score 6 | EPSS 0.00444
Exploits 1 | References 2

Github Security Blog
added 2026/04/01 11:28 p.m. | 5 views

PraisonAI Has Missing Authentication in WebSocket Gateway

Summary: The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details: gateway/server.py:242 source -...

CVSS 9.1 | AI score 6 | EPSS 0.00444
Exploits 1 | References 3 | Affected Software 1

Snyk
added 2026/04/01 9:5 p.m. | 0 views

Missing Authentication for Critical Function

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the absence of authentication checks in the list.json.php template used by multiple plugin endpoints. An attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00376
Exploits 1 | References 2

Snyk
added 2026/04/01 9:4 p.m. | 2 views

Missing Authentication for Critical Function

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the onpublishdone.php process. An attacker can disrupt active live streams by sending crafted POST requests with...

CVSS 8.7 | AI score 5.8 | EPSS 0.00479
Exploits 1 | References 2

EUVD
added 2026/04/01 3:31 p.m. | 1 view

EUVD-2026-17905

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

CVSS 6.9 | AI score 6 | EPSS 0.00418
Exploits 0 | References 5

Snyk
added 2026/04/01 6:33 a.m. | 2 views

Missing Authentication for Critical Function

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the key-management endpoints due to improper enforcement of proxy-admin, team-admin, org-admin, or ownership checks. An...

CVSS 6 | AI score 5.9
Exploits 0 | References 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29523

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

CVSS 6.9 | AI score 6 | EPSS 0.00418
Exploits 0 | References 5

Cvelist
added 2026/03/31 8:51 p.m. | 23 views

CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

CVSS 5.3 | EPSS 0.00376
Exploits 1 | References 1

Snyk
added 2026/03/31 8:11 p.m. | 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the MCP server insecure CORS configuration and lack of authentication in the MCP interface. An attacker can gain unauthorized control over all active sessions and exfiltrate sensitive data...

CVSS 8.8 | AI score 5.9 | EPSS 0.00396
Exploits 1 | References 2

Snyk
added 2026/03/31 8:11 p.m. | 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the MCP server insecure CORS configuration and lack of authentication in the MCP interface. An attacker can gain unauthorized control over all active sessions and exfiltrate sensitive data...

CVSS 8.8 | AI score 5.9 | EPSS 0.00396
Exploits 1 | References 2

CVE
added 2026/03/31 6:40 p.m. | 14 views

CVE-2026-3356

The CVE-2026-3356 entry concerns the MS27102A Remote Spectrum Monitor, a device that exposes an authentication bypass vulnerability. The provided connected documents (Red Hat, ENISA EUVD, NVD/NVD-related, CISA ICS advisory, AttackerKB, CVE listing, and PT-Security) consistently describe a flaw in...

CVSS 9.3 | AI score 5.9 | EPSS 0.00387
Exploits 0 | References 1

Snyk
added 2026/03/30 8:26 p.m. | 1 view

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the mcpmessage endpoint due to missing authentication checks and an empty default IP whitelist, which is treated as allowing all connections. An attacker can gain full control over the Ngi...

CVSS 9.8 | AI score 6 | EPSS 0.38477
Exploits 4 | References 2

CNNVD
added 2026/03/30 12:0 a.m. | 3 views

MRCMS Security Vulnerability

MRCMS is a content management system developed by Marker individuals. MRCMS V3.1.2 has a security vulnerability that stems from the lack of authentication and input validation in the file management module, which may lead to unvalidated directory enumeration...

CVSS 5.3 | AI score 5.8 | EPSS 0.0041
Exploits 1 | References 3

Cvelist
added 2026/03/28 3:0 p.m. | 28 views

CVE-2026-5000 PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. T...

CVSS 7.5 | EPSS 0.00391
Exploits 0 | References 4

Vulnrichment
added 2026/03/28 3:0 p.m. | 1 view

CVE-2026-5000 PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. T...

CVSS 7.5 | AI score 6.8 | EPSS 0.00391
Exploits 0 | References 4

CVE
added 2026/03/28 3:0 p.m. | 7 views

CVE-2026-5000

PromtEngineer localGPT has a missing authentication vulnerability in the API Endpoint’s LocalGPTHandler (backend/server.py). The issue is triggered by manipulation of the BaseHTTPRequestHandler, allowing remote access and potential unauthorized control. This affects versions prior to 4d41c7d1713b...

CVSS 7.5 | AI score 6.8 | EPSS 0.00391
Exploits 0 | References 4

RedhatCVE
added 2026/03/28 10:51 a.m. | 4 views

CVE-2026-33366

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication...

CVSS 6.9 | AI score 6.1 | EPSS 0.0034
Exploits 0 | References 1

GithubExploit
added 2026/03/27 3:57 p.m. | 215 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

A script for C...

CVSS 9.8 | AI score 6 | EPSS 0.36126
Exploits 29

GithubExploit
added 2026/03/27 3:57 p.m. | 129 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

No d...

CVSS 9.8 | AI score 5.8 | EPSS 0.36126
Exploits 29