CWE-306: Missing Authentication

This vulnerability allows unauthenticated attackers to access live snapshots and video streams from NightOwl WDB-20-V2 doorbell cameras. The device's ...

CVE-2020-35755 is an information disclosure vulnerability in Libre Wireless LS9 devices where the luci_service daemon on port 7777 allows unauthentica...

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older expose an internal management service on port 8000 without authentication....

This vulnerability allows unauthenticated attackers to send unlimited requests to a specific Grafana Enterprise API endpoint, causing denial of servic...

This vulnerability allows remote attackers to access sensitive device information from the Emerson Smart Wireless Gateway 1420 administrator console w...

This vulnerability allows unauthenticated attackers to retrieve administrative configuration data from Scytl sVote 2.1 systems by sending POST request...

An improper webserver configuration in Plum IK-401 devices allows unauthenticated attackers with network access to retrieve the device configuration f...

CVE-2020-28937 is a missing authentication vulnerability in OpenClinic that allows unauthenticated attackers to access any patient's medical test resu...

An unauthenticated attacker can replace legitimate vSRX images with malicious ones in Juniper Security Director Policy Enforcer. This allows network-b...

CVE-2021-21535 is a missing authentication vulnerability in Dell Hybrid Client that allows local unauthenticated attackers to gain root access. This a...

This authorization bypass vulnerability in Petlibro Smart Pet Feeder Platform allows unauthorized users to add themselves as shared owners to any devi...

This vulnerability allows attackers to bypass authorization controls in Xiaomi phone frameworks, enabling unauthorized access to sensitive system meth...

This vulnerability exposes the Ironic API without authentication when TLS is disabled and API/Conductor services aren't separated. It affects Metal³ ...

This vulnerability in SQL Server allows attackers with existing network access to bypass authentication checks and execute privileged functions. It af...

An unauthenticated denial-of-service vulnerability in Socomec DIRIS Digiware M-70's Modbus RTU over TCP functionality allows attackers to crash the de...

An unauthenticated denial-of-service vulnerability in Socomec DIRIS Digiware M-70's Modbus TCP functionality allows attackers to send specially crafte...

The Mattermost Confluence Plugin before version 1.5.0 has an authentication bypass vulnerability that allows unauthenticated attackers to edit channel...

The Mattermost Confluence Plugin before version 1.5.0 has an authorization bypass vulnerability that allows attackers to create unauthorized channel s...

CVE-2024-31525 is a privilege escalation vulnerability in Peppermint Ticket Management 0.4.6 where regular users can become administrators due to clie...

This vulnerability allows unauthenticated attackers to execute operating system commands via unauthenticated GET requests to the web server in affecte...

This vulnerability allows authenticated attackers to execute arbitrary code on MotionEye and MotionEyeOS servers by uploading malicious Python pickle ...

An authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer allows attackers to access restricte...

This vulnerability allows privileged users to log in without proper credentials after enabling an application protocol in Eaton BLSS. It affects syste...

This vulnerability in tmerc-cogs for Red Discord bot allows any user to access sensitive information by crafting a specific MassDM message. It affects...

CVE-2020-35226 allows unauthenticated attackers to modify DHCP configuration on affected NETGEAR switches. This vulnerability enables unauthorized net...

EDB Hybrid Manager contains an authentication bypass vulnerability in gRPC endpoints due to Istio Gateway misconfiguration. Unauthenticated attackers ...

This CVE describes a privilege escalation vulnerability in Xorg X11 server where clients can connect without proper authentication. Attackers can impe...

A misconfiguration vulnerability in Bosch Infotainment ECUs during systemd service startup enables developer features including disabled firewall and ...

This vulnerability allows unauthenticated attackers to access ONVIF services on affected camera systems, exposing sensitive configuration information....

This vulnerability allows unauthenticated attackers to access RTSP services on affected camera systems, potentially exposing sensitive configuration i...

The Reolink Video Doorbell WiFi DB_566128M5MP_W has an unsecured UART/serial console that allows physical attackers to gain root shell access and exec...

This vulnerability allows unauthenticated attackers to gain root shell access to Kapsch TrafficCom RIS-9260 RSU devices via Android Debug Bridge (ADB)...

This vulnerability allows attackers within Bluetooth range to eavesdrop on communications between COROS PACE 3 smartwatches and paired devices. The BL...

This vulnerability allows device administrators to change SMTP server settings without re-entering credentials, potentially exposing original SMTP cre...

IBM Planning Analytics Local 2.0 and 2.1 connects to MongoDB without requiring authentication, allowing remote attackers to access the database. This ...

This vulnerability in SAP Internet Communication Framework allows attackers to bypass authentication by reusing valid authorization tokens without pro...

This vulnerability in Versa Director allows unauthenticated attackers to steal authentication tokens from currently logged-in users by exploiting an u...

OpenClaw versions before 2026.2.14 have a webhook signature verification bypass in the voice-call extension when tunnel.allowNgrokFreeTierLoopbackBypa...

An unauthenticated attacker on the same Controller Area Network (CAN) bus can disrupt operations by rapidly switching between configuration presets. T...

This vulnerability allows an unauthenticated attacker on the same network segment to disrupt operations by switching between multiple configuration pr...

An unauthenticated attacker within Bluetooth range can send BLE commands to Meatmeet devices, causing denial of service by shutting down, restarting, ...

This vulnerability allows remote attackers to bypass authentication in Fluent Bit's in_forward input plugin under certain configurations, enabling the...

Mattermost versions before 11 fail to enforce multi-factor authentication on WebSocket connections, allowing unauthenticated users to bypass MFA and a...

This vulnerability affects Siemens LOGO! programmable logic controllers (PLCs) and their SIPLUS variants. An unauthenticated remote attacker can chang...

Unauthorized attackers can exploit Apache SeaTunnel's REST API to read arbitrary files and perform deserialization attacks by submitting malicious job...

This CVE describes a critical authentication bypass vulnerability in certain devices where both the web interface and MQTT server lack any authenticat...

This CVE describes a missing authentication vulnerability in Drupal Panels that allows attackers to bypass access controls on critical functions. Atta...

This vulnerability allows network-adjacent attackers to access D-Link DAP-1325 router functionality without authentication via the CGI interface. Atta...

This vulnerability allows network-adjacent attackers to access sensitive information from NETGEAR RAX30 routers without authentication. The flaw exist...

This CVE describes an authentication bypass vulnerability in the Bluetooth pairing process of Huawei devices. Attackers within Bluetooth range can pot...