CWE-306: Missing Authentication

This vulnerability allows authentication bypass on Unitree Go2, G1, H1, and B2 robots by accepting any handshake secret containing the substring 'unit...

This vulnerability allows authenticated high-privileged remote attackers to read arbitrary files from the controller's file system through a web appli...

This vulnerability in the WP Affiliate Disclosure WordPress plugin allows attackers to perform unauthorized actions through Cross-Site Request Forgery...

An unauthenticated file upload vulnerability in Fanvil x210 V2 IP phones allows attackers on the local network to store arbitrary files on the device ...

The Xtooltech Xtool AnyScan Android application version 4.40.40 has a missing authentication vulnerability in its update server endpoint. This allows ...

This vulnerability allows team administrators without member invite privileges to obtain a team's invite ID through the team restore API endpoint. Aff...

This vulnerability in HCL DevOps Deploy/Launch allows authenticated users to access sensitive information about other users due to insufficient author...

In Danswer AI version 0.4.1, unauthenticated attackers can sign up as basic users and create credentials linked to existing connectors, which should b...

This vulnerability in infiniflow/ragflow v0.12.0 allows authenticated users to view other users' invite lists without proper authorization. This expos...

This vulnerability in IBM DevOps Deploy and UrbanCode Deploy allows authenticated users to access sensitive information about other users due to missi...

This vulnerability allows unauthenticated attackers on the same local network as a Starlink Dish to execute administrative actions via gRPC requests b...

This vulnerability allows attackers to spoof user interface elements in Chrome's fullscreen mode by tricking users into performing specific gestures o...

This vulnerability allows attackers to spoof the Chrome Omnibox (address bar) security UI on Android devices through specific user gestures. Attackers...

A missing authentication vulnerability in some Lenovo Tablets allows unauthorized users with physical access to modify Control Center settings when th...

This vulnerability in Mattermost allows authenticated users to access files and subscribe to blocks in Boards they shouldn't have permission to view. ...

This vulnerability allows a local attacker to make unauthorized configuration changes to HCL BigFix IVR without authentication. It affects systems run...

An information disclosure vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to retrieve sensitive administrat...

Avation Light Engine Pro exposes its configuration and control interface without authentication, allowing anyone on the network to access and modify l...

This vulnerability allows remote attackers to access administrative functionality without authentication in Interinfo DreamMaker software. Attackers c...

The Pix-Link LV-WR21Q access point has an authentication bypass vulnerability in its /goform/getHomePageInfo endpoint, allowing unauthenticated attack...

CVE-2025-59097 is an authentication bypass vulnerability in dormakaba exos 9300 Access Manager configuration software. It allows unauthenticated attac...

This vulnerability allows unauthenticated attackers to access the SOAP API on exos 9300 servers, enabling them to create arbitrary access log events a...

This vulnerability allows remote unauthenticated attackers to exploit insecure .NET Remoting in Entrust IFI's SmartCardController service. Attackers c...

This vulnerability allows attackers to execute arbitrary operating system commands with root privileges on Ruckus vRIoT IoT Controller devices. Attack...

OpenFlagr versions up to 1.1.18 contain an authentication bypass vulnerability in HTTP middleware. Attackers can craft requests to bypass authenticati...

This CVE describes an authentication bypass vulnerability in D-Link DSL/DIR/DNS devices that allows unauthenticated attackers to modify DNS settings v...

The WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) has a broken access control vulnerability in the initial configuration wizard.cgi e...

This vulnerability allows unauthenticated attackers to execute administrative commands on WODESYS WD-R608U routers (also known as WDR122B V2.0 and WDR...

This vulnerability in COMMAX Smart Home System allows unauthenticated attackers to retrieve RTSP credentials in plain-text by accessing the /overview....

The COMMAX Smart Home System has an unauthenticated configuration modification vulnerability that allows attackers to change system settings and cause...

This vulnerability allows remote unauthenticated attackers to read arbitrary files, write files, and execute code on Entrust Instant Financial Issuanc...

AirKeyboard iOS App 1.0.5 has a missing authentication vulnerability that allows unauthenticated attackers to remotely inject arbitrary keystrokes int...

This vulnerability allows attackers to bypass multi-factor authentication in PingFederate OTP Integration Kit by exploiting improper HTTP method and s...

The Iskra iHUB and iHUB Lite smart metering gateways expose their web management interfaces without requiring any authentication. This allows unauthen...

SiRcom SMART Alert (SiSA) has an authentication bypass vulnerability that allows unauthenticated attackers to access backend APIs using browser develo...

This CVE describes an authentication bypass vulnerability in TVT Digital's NVMS-9000 firmware used by many DVR/NVR/IP camera products. Unauthenticated...

PLANEX CS-QP50F-ING2 smart cameras expose an unauthenticated HTTP configuration backup interface. Remote attackers can download backup files containin...

Denver SHO-110 IP cameras expose an unauthenticated HTTP endpoint on port 8001 that allows remote attackers to retrieve image snapshots. This backdoor...