CWE-306: Missing Authentication

The ElementsKit Lite WordPress plugin versions before 3.7.9 expose an unauthenticated REST endpoint that accepts Mailchimp API credentials. Unauthenti...

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter's web management interface lacks authentication, allowing any unauthenticated user to acce...

The General Industrial Controls Lynx+ Gateway has a critical authentication bypass vulnerability in its embedded web server that allows unauthenticate...

Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read/write, and other unauthorized actions when mutual SSL/TLS ...

An authentication bypass vulnerability in UniFi Access door control software allows attackers on the management network to access administrative APIs ...

CVE-2025-9574 is a critical missing authentication vulnerability in ABB ALS-mini-s4 IP and ALS-mini-s8 IP devices that allows unauthenticated attacker...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands with high privileges on affected devices. The issue ...

CVE-2025-32440 is an authentication bypass vulnerability in NetAlertX that allows unauthenticated attackers to execute sensitive administrative functi...

This critical vulnerability in an embedded web server allows unauthenticated remote attackers to access the device without any authentication. This af...

CVE-2024-46506 is an unauthenticated remote command injection vulnerability in NetAlertX that allows attackers to execute arbitrary commands on affect...

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated remote code execution. Attackers can exploit a flaw...

CVE-2025-24865 allows unauthenticated access to the mySCADA myPRO Manager administrative web interface. Attackers can retrieve sensitive information a...

Simofa versions before 0.2.7 have an authentication bypass vulnerability in the RouteLoader class that exposes API routes that should require authenti...

This critical vulnerability allows attackers with physical access to a service technician's computer to access ventilator diagnostic information and m...

The MachineSense API lacks authentication controls, allowing remote attackers to access and modify sensitive information without credentials. This aff...

This vulnerability in Envoy's OAuth filter allows attackers to bypass authentication by providing any access token, even invalid ones. It affects all ...

This critical vulnerability in Emerson OpenEnterprise allows attackers to execute arbitrary commands with system privileges or perform remote code exe...

CVE-2021-43832 is a critical authentication bypass vulnerability in Spinnaker, an open-source continuous delivery platform. It allows any user with ac...

This critical vulnerability in WAGO managed switches allows unauthenticated attackers to create new user accounts via specially crafted network packet...

CVE-2020-26829 is a critical authentication bypass vulnerability in SAP NetWeaver AS JAVA's P2P cluster communication. It allows unauthenticated attac...

CVE-2020-26821 is a critical vulnerability in SAP Solution Manager's SVG Converter Service that allows unauthenticated attackers to compromise the sys...

This vulnerability allows unauthenticated attackers to compromise SAP Solution Manager systems due to missing authorization checks in the Upgrade Diag...

An unauthenticated attacker with management network access can exploit exposed REST APIs on Radiflow iSAP Smart Collector devices to access all system...

This vulnerability in myQNAPcloud Link allows attackers to access critical functions without authentication. It affects users running vulnerable versi...

This vulnerability allows unauthenticated attackers to access a limited subset of certificates stored in the Windows operating system through improper...

Nginx UI versions before 2.3.3 expose an unauthenticated API endpoint that discloses encryption keys in response headers, allowing attackers to downlo...

OpenSTAManager versions 2.9.8 and earlier contain an authentication bypass and privilege escalation vulnerability that allows attackers to arbitrarily...

This critical vulnerability allows attackers to bypass authentication mechanisms in ePati Antikor Next Generation Firewall (NGFW), potentially gaining...

Slican NCP/IPL/IPM/IPU devices contain a PHP function injection vulnerability in the /webcti/session_ajax.php endpoint. Unauthenticated remote attacke...

This critical vulnerability allows attackers to access and manipulate sensitive data without authentication in Acronis Cyber Protect products. It affe...

This vulnerability in BiEticaret CMS allows attackers to bypass authentication and manipulate HTTP responses through Execution After Redirect and Miss...

This vulnerability allows unauthenticated attackers to remotely change the password recovery email address via an exposed API endpoint. This affects H...

Calero VeraSMART versions before 2022 R1 expose an unauthenticated .NET Remoting service on port 8001, allowing remote attackers to read/write arbitra...

This critical vulnerability in Milvus vector database allows unauthenticated attackers to bypass authentication and execute arbitrary operations. Atta...

This critical vulnerability in the AdForest WordPress theme allows unauthenticated attackers to bypass authentication and log in as any user, includin...

This vulnerability allows unauthenticated attackers to remotely change device passwords via an unprotected API endpoint. It affects systems running vu...

Bambuddy versions before 0.1.7 have two critical authentication flaws: a hardcoded JWT secret key in source code and missing authentication checks on ...

CVE-2022-50981 allows unauthenticated remote attackers to gain full administrative access to affected devices because they ship without a default pass...

An unauthenticated attacker can create or delete administrator accounts on KiloView Encoder Series devices, granting full administrative control. This...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on SmarterMail servers by pointing them to maliciou...

CVE-2021-47891 is a critical remote code execution vulnerability in Unified Remote 3.9.0.2463 that allows attackers to send crafted network packets to...

CVE-2026-1364 is a critical missing authentication vulnerability in IAQS and I6 systems developed by JNC. Unauthenticated remote attackers can directl...

Dragonfly versions 2.4.1-rc.0 and below have missing authentication and authorization checks on Job API endpoints, allowing unauthenticated users with...

CVE-2026-23944 is an authentication bypass vulnerability in Arcane Docker management interface that allows unauthenticated attackers to proxy requests...

MCPJam inspector versions 1.4.2 and earlier contain a critical remote code execution vulnerability. Attackers can send a crafted HTTP request that tri...

The Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability that allows unauthenticated remote attackers to re...

Delta Electronics DIAView has a critical authentication bypass vulnerability (CWE-306) that allows attackers to bypass authentication mechanisms and g...

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without valid credentials by manipulating login reques...

Bagisto eCommerce platform versions before 2.3.10 have unprotected API endpoints that remain accessible after installation. Unauthenticated attackers ...

CVE-2025-65856 is an authentication bypass vulnerability in Xiongmai XM530 IP cameras that allows unauthenticated remote attackers to access sensitive...