86 matches found
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
PT-2026-45765
A critical chain of vulnerabilities in the Collibra Platform Agent, including CVE-2026-26847 improper authentication and path traversal, allows remote, unauthenticated attackers to achieve Remote Code Execution (RCE). Technical Breakdown: Vulnerability Chain: Attackers can exploit improperly...
GHSA-63GR-G7JC-V8RG @agenticmail/mcp Missing Authentication for Critical Function
AgenticMail MCP HTTP authorization bypass. Summary: @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...
CVE-2026-34311
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...
CVE-2026-30496
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute,...
EUVD-2026-28367
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute,...
EUVD-2026-23986
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API /api/4 due to Permissive CORS...
Oracle Financial Services Analytical Applications Infrastructure security vulnerability
Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. Versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 of Oracle Financial Services Analytical Applications Infrastructure contain security vulnerabilities. These...
Oracle HCM Common Architecture security vulnerability
Oracle HCM Common Architecture is an HR management system architecture component developed by Oracle, a US-based company. Versions 12.2.3 to 12.2.15 of Oracle HCM Common Architecture contain security vulnerabilities. These vulnerabilities stem from issues with the Knowledge Integration component,...
EUVD-2026-15194
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers are affected by CVE-2026-32326 due to missing authentication for some web APIs, enabling retrieval of device information without authentication. The impact could be severe if the administrative password is left as the initial default, potentially allowing takeover of the device. The...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32596 Glances exposes the REST API without authentication
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...
glances information disclosure vulnerability
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained an information leakage vulnerability. This vulnerability stemmed from the web server running without authentication, allowing unauthenticated network clients to access sensitive system...
Navtor NavBox security vulnerability
Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...
Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout
Summary The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...
CVE-2026-2249
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...
METIS DFS security vulnerability
METIS DFS is a data processing software developed by the Greek company METIS. Versions of METIS DFS 2.1.234-r18 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /console endpoint, which exposed a web-based shell without authentication requirements. This could...
PT-2026-7597
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromis...