CWE-306: Missing Authentication
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
All Missing Authentication CVEs (675)
An unauthenticated denial-of-service vulnerability in Socomec DIRIS Digiware M-70 allows attackers to crash the device by sending a specially crafted ...
Dec 1, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances contain an unauthenticated file read vulnerability in the download.php script. Attackers can r...
Nov 19, 2025
This vulnerability allows unauthenticated attackers with network access via HTTP to cause a denial-of-service (DoS) condition in Oracle Financial Serv...
Oct 21, 2025
An unauthenticated remote attacker can exploit this vulnerability in Oracle WebLogic Server via HTTP/2 to cause a denial of service, resulting in serv...
Oct 21, 2025
An unauthenticated remote attacker can send a Modbus command to turn off the output of an Uninterruptible Power Supply (UPS), causing a denial of serv...
Oct 14, 2025
The Chaos Controller Manager in Chaos Mesh exposes an unauthenticated GraphQL debugging server that allows attackers to kill arbitrary processes in an...
Sep 15, 2025
A cryptographic implementation flaw in FactoryTalk Activation Manager allows attackers to decrypt network traffic. This vulnerability affects all syst...
Sep 9, 2025
The SecGate3600 firewall has an authentication bypass vulnerability in its user management endpoint that allows unauthenticated attackers to retrieve ...
Aug 27, 2025
This vulnerability allows unauthenticated remote attackers to access measurement data stored on affected devices without any password protection. It a...
Aug 19, 2025
This vulnerability allows unauthenticated API calls to trigger resource-intensive evaluations in Hydra, potentially causing denial of service attacks....
Aug 12, 2025
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. I...
Jul 15, 2025
This vulnerability allows unauthorized attackers to bypass security features in Windows Remote Desktop Licensing Service by exploiting missing authent...
Jul 8, 2025
This vulnerability allows unauthorized remote attackers to trigger a fail-safe state on affected systems without authentication. Any system running th...
Jun 30, 2025
This vulnerability allows remote attackers to access sensitive information from Autel MaxiCharger AC Wallbox Commercial charging stations without auth...
Jun 25, 2025
CyberData 011209 Intercom has an authentication bypass vulnerability that allows unauthenticated attackers to access restricted features. This could l...
Jun 9, 2025
This vulnerability allows remote attackers to bypass authentication in Soar Cloud HRD Human Resource Management System client applications. Attackers ...
Jun 6, 2025
Missing authentication vulnerability in Wi-Fi AP UNIT 'AC-WPS-11ac series' allows remote unauthenticated attackers to access product configuration inf...
Apr 9, 2025
Mattermost fails to enforce multi-factor authentication (MFA) on plugin endpoints, allowing authenticated attackers to bypass MFA protections via API ...
Mar 21, 2025
This vulnerability allows unauthenticated attackers to access the /setup-complete API endpoint in Anything-LLM version 1.5.5, exposing sensitive syste...
Mar 20, 2025
This vulnerability allows remote attackers to obtain administrator credentials in Synology Drive Server due to missing authentication for a critical w...
Mar 19, 2025
This vulnerability allows unauthorized remote access to video footage and live streams from IROAD v9 dashcams. Attackers who gain initial access throu...
Mar 18, 2025
An unauthenticated remote attacker can disable authentication profile servers in Q-Free MaxTime traffic management systems by sending crafted HTTP req...
Feb 12, 2025
This vulnerability allows unauthenticated remote attackers to enable front panel authentication on Q-Free MaxTime systems via crafted HTTP requests. I...
Feb 12, 2025
An unauthenticated remote attacker can disable front panel authentication in Q-Free MaxTime systems via crafted HTTP requests. This affects all Q-Free...
Feb 12, 2025
This vulnerability allows unauthenticated remote attackers to enable authentication profile servers in Q-Free MaxTime traffic management systems via c...
Feb 12, 2025
A missing authentication vulnerability in multiple NEC Aterm router models allows attackers to retrieve Wi-Fi passwords without authentication. This a...
Jan 15, 2025
The MinigameCenter module has insufficient URL loading restrictions, allowing attackers to load arbitrary URLs and potentially leak sensitive informat...
Jan 8, 2025
The MinigameCenter module has insufficient URL loading restrictions, allowing attackers to load arbitrary URLs and potentially leak sensitive informat...
Jan 8, 2025
The health module in affected Vivo devices has insufficient URL loading restrictions, allowing attackers to access sensitive information. This vulnera...
Jan 8, 2025
This vulnerability allows attackers to bypass access controls in TP-Link Archer C7 v5 routers via the l_0_0.xml component, potentially exposing sensit...
Nov 29, 2024
This vulnerability allows an unauthenticated attacker on the same local network as a medical office to query an unprotected FHIR API, potentially expo...
Nov 8, 2024
This vulnerability allows unauthenticated attackers to register custom authentication plugins in Logpoint, bypassing normal authentication mechanisms....
Nov 7, 2024
This vulnerability in certain HP DesignJet printers allows attackers to view SMTP server credentials through credential reflection. Attackers could po...
Oct 15, 2024
CVE-2024-45276 allows unauthenticated remote attackers to read files from the /tmp directory due to missing authentication checks. This affects system...
Oct 15, 2024
This vulnerability in the Plug n Play Camera app allows remote attackers to access sensitive information through the firmware update process. Attacker...
Oct 14, 2024
This vulnerability in the Almando Control app allows remote attackers to access sensitive information through insecure firmware update mechanisms. Att...
Oct 11, 2024
This vulnerability in Almando Play APP allows remote attackers to access sensitive information during the firmware update process. The issue affects u...
Oct 11, 2024
This vulnerability in Fermax Asia Pacific's com.fermax.vida application version 2.4.6 allows remote attackers to access sensitive information through ...
Oct 11, 2024
A vulnerability in Shelly com.home.shelly 1.0.4 allows remote attackers to access sensitive information through the firmware update process. This affe...
Oct 11, 2024
An unauthenticated attacker can modify the IP address of MSC800 devices via Sopas ET protocol, causing denial of service by making devices unreachable...
Sep 12, 2024
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. I...
Jul 16, 2024
This vulnerability allows attackers to access all user information in 14Finger v1.1 through insecure permissions in the /api/admin/user component. Att...
Jul 5, 2024
This vulnerability allows unauthenticated attackers to retrieve sensitive embedded data from the PowerBank Application due to missing authentication a...
Jun 5, 2024
This vulnerability allows remote attackers to cause denial-of-service on D-Link D-View systems by exploiting an unauthenticated shutdown_coreserver ac...
May 3, 2024
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. I...
Apr 16, 2024
This CVE describes a missing authentication vulnerability in Huawei/HarmonyOS Wi-Fi modules that allows attackers to access critical functions without...
Feb 18, 2024
MachineSense devices use unauthenticated MQTT messaging for monitoring and remote viewing of sensor data, allowing attackers to intercept or manipulat...
Feb 1, 2024
This vulnerability allows remote unauthenticated attackers to bypass authentication in multiple Mitsubishi Electric industrial software products by se...
Jan 30, 2024
This vulnerability allows unauthorized access to photos in the Hidden Photos Album on Apple devices without proper authentication. It affects users of...
Jan 10, 2024
CVE-2023-6595 is an authentication bypass vulnerability in WhatsUp Gold network monitoring software. Unauthenticated attackers can access an API endpo...
Dec 14, 2023
About Missing Authentication (CWE-306)
Our database tracks 675 CVEs classified as CWE-306, with 325 rated critical and 243 rated high severity. The average CVSS score for Missing Authentication vulnerabilities is 8.5.
External reference: View CWE-306 on MITRE CWE →