2930 matches found
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper handling of authentication bootstrap errors during startup, which leaves browser-control routes accessible without...
PT-2026-26639
Name of the Vulnerable Software and Affected Versions QVR Pro versions prior to 2.7.4.14 Description QVR Pro is affected by a missing authentication check for critical functions, allowing remote attackers to gain access to the system. The issue allows attackers to bypass authentication and access...
PT-2026-26686
Name of the Vulnerable Software and Affected Versions CTEK Chargeport affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated...
PT-2026-26569
A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1 20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attac...
Missing Authentication for Critical Function
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the improper validation of third-party auth provider's credentials. An...
MCP Connect has unauthenticated remote OS command execution via /bridge endpoint
Summary When AUTHTOKEN and ACCESSTOKEN environment variables are not set which is the default out-of-the-box configuration the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the...
GHSA-WVR4-3WQ4-GPC5 MCP Connect has unauthenticated remote OS command execution via /bridge endpoint
Summary When AUTHTOKEN and ACCESSTOKEN environment variables are not set which is the default out-of-the-box configuration the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the...
Missing Authentication for Critical Function
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the decryptMessage.json.php endpoint, which processes user-supplied private keys, encrypted messages, and...
Missing Authentication for Critical Function
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in WordNet Browser HTTP server in default configuration. An attacker can cause the service to...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the POST /api/v1/buildpublictmp/flowid/flow endpoint when attacker-controlled flow data is supplied to the data parameter, which is then executed using exec without authentication or...
Missing Authentication for Critical Function
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the checkConfiguration.php process. An attacker can gain full administrative control and manipulate the application...
EUVD-2026-12547
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2026-4312
Affected product: DrangSoft GCB/FCB Audit Software. Vulnerability: Missing Authentication, enabling unauthenticated remote attackers to directly access APIs and create a new administrative account. Impact/risks: High impact on confidentiality, integrity, and availability as per CVSS metrics (CRIT...
CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the actionLoadBucketData endpoint in DefaultController. An attacker can access sensitive information by sending unauthenticated requests with a valid CSRF token. Remediation Upgrade...