CWE-306: Missing Authentication

This vulnerability allows remote unauthenticated attackers to bypass authentication in multiple Mitsubishi Electric industrial software products by se...

This vulnerability allows unauthorized access to photos in the Hidden Photos Album on Apple devices without proper authentication. It affects users of...

CVE-2023-6595 is an authentication bypass vulnerability in WhatsUp Gold network monitoring software. Unauthenticated attackers can access an API endpo...

This vulnerability allows unauthenticated attackers to reset the admin login password and WiFi passwords on TOTOLINK X6000R routers. Attackers can gai...

This vulnerability allows unauthenticated attackers to retrieve student information from IDAttend's IDWeb application by exploiting missing authentica...

This vulnerability allows unauthenticated attackers to extract sensitive student and teacher data from IDAttend's IDWeb application. It affects organi...

This vulnerability allows unauthenticated attackers to extract sensitive student data from IDAttend's IDWeb application. It affects organizations usin...

This vulnerability allows unauthenticated attackers to extract sensitive student data from IDAttend's IDWeb application. It affects organizations usin...

CVE-2023-26574 allows unauthenticated attackers to extract sensitive student data from IDAttend's IDWeb application by exploiting missing authenticati...

This vulnerability allows unauthenticated attackers to extract sensitive student data from IDAttend's IDWeb application by exploiting missing authenti...

CVE-2023-26580 is an unauthenticated arbitrary file read vulnerability in IDAttend's IDWeb application version 3.1.013. This allows attackers without ...

MXsecurity versions before v1.0.1 have an authentication bypass vulnerability that allows remote attackers to access device information without proper...

Saho ADM100 and ADM-100FP attendance devices lack authentication for critical functions, allowing unauthenticated remote attackers to execute system c...

Walchem Intuition 9 firmware versions before v4.21 lack authentication on certain API routes, allowing unauthenticated attackers to access and export ...

The Broadcom RAID Controller Web server (nginx) exposes private files without requiring authentication. This vulnerability allows unauthorized users t...

CVE-2023-36347 is an authentication bypass vulnerability in POS Codekop v2.0 that allows unauthenticated attackers to access sensitive selling data th...

This vulnerability allows remote unauthenticated attackers to access sensitive information from affected Wi-Fi AP UNIT devices due to missing authenti...

CVE-2023-33247 is an unauthenticated remote code execution vulnerability in Talend Data Catalog's remote harvesting server. Attackers can deploy malic...

This CVE describes an authentication bypass vulnerability in Huawei's reminder module where broadcasts can be processed without proper authentication....

This vulnerability allows unauthenticated remote attackers to disrupt SICK Flexi Classic and Flexi Soft Gateways by changing their IP settings via bro...

This vulnerability allows remote unauthenticated attackers to execute critical functions on SkyBridge MB-A100/110 devices without authentication. Atta...

This vulnerability allows unauthenticated remote attackers to access the Jolokia endpoint in Talend Studio microservices, exposing the JVM via the JMX...

This vulnerability allows unauthenticated attackers to cause Denial-of-Service on Schneider UPS Monitor service by exploiting missing authentication f...

This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via the T3 protocol to gain unauthorized access to s...

BlackVue DR750-2CH LTE dash cameras running firmware version 1.012_2022.10.26 lack authentication on their web server interface. This allows attackers...

CVE-2020-14140 is an unauthenticated API vulnerability in Xiaomi router firmware that allows attackers to retrieve WiFi passwords without authenticati...

This vulnerability in Apollo configuration management system allows unauthenticated access to the built-in Eureka service when apollo-configservice is...

The TIANJIE CPE906-3 device has a vulnerability that allows unauthenticated attackers to retrieve administrative passwords. This affects devices runni...

CVE-2022-24990 is an unauthenticated remote code execution vulnerability in TerraMaster NAS devices. Attackers can discover the administrative passwor...

Honeywell Experion PKS Safety Manager lacks authentication on proprietary protocols, allowing unauthenticated attackers to manipulate controller state...

This vulnerability in Apache Hive allows unauthorized users to manipulate existing User-Defined Functions (UDFs) without proper authorization checks. ...

CVE-2022-28771 is an authentication bypass vulnerability in SAP Business One License Service API that allows unauthenticated attackers to send malicio...

CVE-2022-21952 is a missing authentication vulnerability in SUSE Manager Server's spacewalk-java component that allows remote attackers to trigger dis...

CVE-2021-42893 is an information disclosure vulnerability in TOTOLINK EX1200T routers where attackers can access sensitive configuration data includin...

This vulnerability in TOTOLINK EX1200T routers allows unauthenticated attackers to retrieve sensitive WiFi configuration information including network...

CVE-2022-26026 is a denial-of-service vulnerability in Open Automation Software OAS Platform's SecureConfigValues functionality. Attackers can send sp...

BigAnt Server v5.6.06 contains an incorrect access control vulnerability that allows attackers to bypass authentication mechanisms. This affects organ...

Piwigo v12.2.0 contains an information disclosure vulnerability in the admin maintenance actions page. Attackers can exploit this to leak sensitive in...

This vulnerability allows remote attackers to access the 'MNU_top.htm' page on Netgear WAC104 access points without authentication, exposing sensitive...

An access control vulnerability in FreeTAKServer v1.9.8 allows unauthenticated attackers to create excessive routes, causing denial of service, or cre...

This vulnerability allows remote attackers to access sensitive log files in Wipro Holmes Orchestrator by exploiting a predictable /log URI. Attackers ...

ESPHome versions 2021.9.1 and older with web_server enabled and HTTP basic auth configured are vulnerable to authentication bypass. Attackers can perf...

CVE-2021-22012 is an information disclosure vulnerability in VMware vCenter Server's unauthenticated appliance management API. Attackers with network ...

IBM Guardium Data Encryption (GDE) versions 3.0.0.2 and 4.0.0.4 have an authentication bypass vulnerability where certain functionality requiring user...

This vulnerability allows unauthenticated attackers to trigger a factory reset on Western Digital My Book Live and My Book Live Duo network storage de...

This vulnerability allows unauthenticated attackers to access live snapshots and video streams from NightOwl WDB-20-V2 doorbell cameras. The device's ...

CVE-2020-35755 is an information disclosure vulnerability in Libre Wireless LS9 devices where the luci_service daemon on port 7777 allows unauthentica...

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older expose an internal management service on port 8000 without authentication....

This vulnerability allows unauthenticated attackers to send unlimited requests to a specific Grafana Enterprise API endpoint, causing denial of servic...

This vulnerability allows remote attackers to access sensitive device information from the Emerson Smart Wireless Gateway 1420 administrator console w...