CWE-306: Missing Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Total CVEs: 687
Critical: 335
High: 245
Avg CVSS: 8.5
In CISA KEV: 6

Yearly Trend

2026: 78
2025: 257
2024: 104
2023: 84
2022: 53

Top Affected Vendors

1. Oracle: 22
2. SAP: 12
3. Siemens: 11
4. Socomec: 10
5. Q Free: 10
6. Schneider Electric: 9
7. Microsoft: 9
8. Apache: 9
9. Vasion: 9
10. D-Link: 8

All Missing Authentication CVEs (687)

CVE-2023-41186
6.5

This vulnerability allows network-adjacent attackers to access D-Link DAP-1325 router functionality without authentication via the CGI interface. Atta...

May 3, 2024
CVE-2023-27357
6.5

This vulnerability allows network-adjacent attackers to access sensitive information from NETGEAR RAX30 routers without authentication. The flaw exist...

May 3, 2024
CVE-2022-48291
6.5

This CVE describes an authentication bypass vulnerability in the Bluetooth pairing process of Huawei devices. Attackers within Bluetooth range can pot...

Mar 27, 2023
CVE-2024-39364
6.3

The Advantech ADAM-5630 industrial controller has unauthenticated HTTP commands that allow remote attackers to restart the operating system, reboot ha...

Sep 27, 2024
CVE-2025-7706
6.1

CVE-2025-7706 is a missing authentication vulnerability in TUBITAK BILGEM Liderahenk software that allows remote attackers to execute code without pro...

Feb 17, 2026
CVE-2025-69285
6.1

SQLBot versions before 1.5.0 have an authentication bypass vulnerability in the /api/v1/datasource/uploadExcel endpoint. Unauthenticated attackers can...

Jan 21, 2026
CVE-2025-62287
6.1

This vulnerability in Oracle Life Sciences InForm allows unauthenticated attackers to modify or read limited data by tricking users into interacting w...

Oct 21, 2025
CVE-2025-12436
5.9

A policy bypass vulnerability in Google Chrome extensions allows malicious extensions to access sensitive information from browser process memory. Thi...

Nov 10, 2025
CVE-2025-42885
5.8

CVE-2025-42885 is an authentication bypass vulnerability in SAP HANA 2.0's hdbrss component that allows unauthenticated attackers to call remote-enabl...

Nov 11, 2025
CVE-2025-34229
5.8

This CVE describes a blind server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows unauthenticated attack...

Sep 29, 2025
CVE-2025-34230
5.8

This CVE describes a blind server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows unauthenticated attack...

Sep 29, 2025
CVE-2025-12941
5.7

This vulnerability allows authenticated local WiFi users to cause a denial of service by rebooting NETGEAR C6220 and C6230 cable modem/router devices....

Dec 9, 2025
CVE-2024-45355
5.5

This vulnerability allows attackers to bypass authorization controls in Xiaomi phone frameworks, enabling unauthorized access to sensitive methods. It...

Mar 27, 2025
CVE-2025-55073
5.4

This vulnerability allows attackers to edit arbitrary posts in Mattermost by exploiting an improper validation flaw in the MSTeams plugin OAuth flow. ...

Nov 14, 2025
CVE-2025-8558
5.4

CVE-2025-8558 is an authentication bypass vulnerability in Proofpoint Insider Threat Management Server that allows unauthenticated users on adjacent n...

Nov 3, 2025
CVE-2025-48742
5.4

This vulnerability in SIGB PMB installer allows remote attackers to execute arbitrary code on affected systems. It affects all systems running PMB ver...

May 27, 2025
CVE-2025-24271
5.4

This vulnerability allows an unauthenticated attacker on the same local network to send AirPlay commands to a signed-in Mac without requiring pairing....

Apr 29, 2025
CVE-2023-37325
5.4

This vulnerability allows network-adjacent attackers to modify wireless network settings on D-Link DAP-2622 routers without authentication. Attackers ...

May 7, 2024
CVE-2025-14294
5.3

The Razorpay for WooCommerce WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify billing and s...

Feb 19, 2026
CVE-2026-25878
5.3

CVE-2026-25878 is an authentication bypass vulnerability in the FroshAdminer plugin for Shopware Platform. Unauthenticated users can access the Admine...

Feb 9, 2026
CVE-2026-1332
5.3

MeetingHub software from HAMASTAR Technology has a missing authentication vulnerability that allows unauthenticated remote attackers to access specifi...

Jan 22, 2026
CVE-2026-0942
5.3

This vulnerability allows unauthenticated attackers to delete payment metadata logs from all WooCommerce orders using the Rede Itaú plugin. Any WordP...

Jan 16, 2026
CVE-2024-58336
5.3

Akuvox Smart Intercom S539 devices contain an unauthenticated vulnerability that allows remote attackers to access live video streams without authenti...

Dec 30, 2025
CVE-2025-63390
5.3

An authentication bypass vulnerability in AnythingLLM v1.8.5 allows unauthenticated attackers to enumerate and retrieve detailed information about all...

Dec 18, 2025
CVE-2025-12348
5.3

This vulnerability allows unauthenticated attackers to execute scheduled actions in the Icegram Express WordPress plugin by guessing action IDs. This ...

Dec 12, 2025
CVE-2023-53773
5.3

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate and retrieve live TV st...

Dec 9, 2025
CVE-2021-47727
5.3

Selea Targa IP OCR-ANPR cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without authenticat...

Dec 9, 2025
CVE-2025-11771
5.3

This vulnerability allows unauthenticated attackers to manipulate presale counters in WordPress sites using the TokenICO plugin. Attackers can modify ...

Nov 21, 2025
CVE-2025-12349
5.3

The Icegram Express WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to trigger immediate email sendin...

Nov 19, 2025
CVE-2023-7328
5.3

This vulnerability allows unauthenticated attackers to retrieve user data from Screen SFT DAB 600/C devices via the user management API. It exposes ac...

Nov 14, 2025
CVE-2025-11986
5.3

The Crypto WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to set a site-wide authentication state f...

Nov 11, 2025
CVE-2025-62607
5.3

An information disclosure vulnerability in Nautobot SSoT app versions before 3.10.0 allows unauthenticated attackers to view the ServiceNow public ins...

Oct 22, 2025
CVE-2025-0275
5.3

HCL BigFix Mobile versions 3.3 and earlier have an improper access control vulnerability that allows unauthorized users to access a limited set of end...

Oct 16, 2025
CVE-2025-0274
5.3

CVE-2025-0274 is an improper access control vulnerability in HCL BigFix Modern Client Management (MCM) that allows unauthorized users to access a limi...

Oct 16, 2025
CVE-2025-11671
5.3

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability (CWE-306) that allows unauthenticated remote attack...

Oct 13, 2025
CVE-2025-11672
5.3

Uniweb/SoliPACS WebServer developed by EBM Technologies has a missing authentication vulnerability that allows unauthenticated remote attackers to acc...

Oct 13, 2025
CVE-2025-11171
5.3

The Chartify WordPress plugin has a critical authentication bypass vulnerability that allows unauthenticated attackers to execute administrative funct...

Oct 8, 2025
CVE-2025-42926
5.3

SAP NetWeaver Application Server Java has an authentication bypass vulnerability that allows unauthenticated attackers to access internal files. This ...

Sep 9, 2025
CVE-2025-7031
5.3

This vulnerability allows unauthenticated attackers to access configuration pages in Drupal that should require authentication. It affects Drupal site...

Jul 8, 2025
CVE-2025-6920
5.3

CVE-2025-6920 is an authentication bypass vulnerability in ai-inference-server's model inference API. The POST /invocations endpoint fails to validate...

Jul 1, 2025
CVE-2025-32782
5.3

Ash Authentication's account confirmation flow uses GET requests triggered by email links. Email clients and security tools may automatically follow t...

Apr 15, 2025
CVE-2024-52285
5.3

This vulnerability allows unauthenticated remote attackers to access sensitive data through exposed MQTT URLs without authentication in SiPass integra...

Mar 11, 2025
CVE-2024-37303
5.3

Synapse Matrix homeserver versions before 1.106 allow unauthenticated remote users to trigger downloads of remote media content and cache it locally, ...

Dec 3, 2024
CVE-2024-47865
5.3

A missing authentication vulnerability in Rakuten Turbo 5G firmware allows remote unauthenticated attackers to update or downgrade device firmware. Th...

Nov 20, 2024
CVE-2024-26011
5.3

This vulnerability allows unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices by sending specially crafted pa...

Nov 12, 2024
CVE-2024-8320
5.3

This vulnerability allows remote unauthenticated attackers to spoof the Network Isolation status of managed devices in Ivanti EPM. Attackers can make ...

Sep 10, 2024
CVE-2024-43272
5.3

This vulnerability allows unauthenticated attackers to view unpublished campaigns in the Icegram Engage WordPress plugin. It affects all WordPress sit...

Aug 19, 2024
CVE-2023-28470
5.3

Couchbase Server versions 5 through 7.1.3 expose the nsstats endpoint without requiring authentication. This allows unauthenticated attackers to acces...

Mar 23, 2023
CVE-2025-44039
5.1

This vulnerability allows local attackers with physical access to connect to the router's UART console via serial connection without authentication. A...

May 13, 2025
CVE-2025-60251
5.0

This vulnerability allows authentication bypass on Unitree Go2, G1, H1, and B2 robots by accepting any handshake secret containing the substring 'unit...

Sep 26, 2025

About Missing Authentication (CWE-306)

Our database tracks 687 CVEs classified as CWE-306, with 335 rated critical and 245 rated high severity. The average CVSS score for Missing Authentication vulnerabilities is 8.5.
