CWE-306: Missing Authentication

This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to delete user accounts without credentials by exploiting I...

This vulnerability allows unauthenticated remote attackers to send a POST request to the /usr/cgi-bin/restorefactory.cgi endpoint to trigger a factory...

CVE-2025-12049 is a critical authentication bypass vulnerability in Sharp Display Solutions Media Player MP-01 that allows unauthenticated attackers t...

A critical authentication bypass vulnerability in Ollama platform allows remote attackers to perform unauthorized model management operations without ...

This CVE describes an authentication bypass vulnerability in Apple's Photos app where unauthorized users can view photos in the Hidden Photos Album wi...

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication by se...

MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol, allowing attackers to send crafted commands via the svdrpsend.s...

Selea Targa IP OCR-ANPR cameras contain a hidden developer backdoor page accessible with hard-coded credentials 'Selea781830'. This allows attackers t...

This critical vulnerability in Infinera MTC-9's remote shell service allows unauthenticated attackers to gain full system access via reverse shells us...

An improper SSH configuration in Infinera MTC-9 allows unauthenticated attackers to execute arbitrary commands and access the file system. This affect...

This vulnerability allows users with root access to the operating system to modify firmware on the Chassis Management Board without authentication. Th...

An authentication bypass vulnerability in Dasan Switch DS2924 web interface allows attackers to gain escalated privileges by storing crafted cookies i...

A missing authentication enforcement vulnerability in WSO2 products allows unauthenticated access to System REST APIs and SOAP services when mutual TL...

The CE21 Suite WordPress plugin versions 2.2.1 to 2.3.1 contain an authentication bypass vulnerability that allows unauthenticated attackers to modify...

CVE-2025-12476 is a critical authentication bypass vulnerability affecting BLU-IC2 and BLU-IC4 devices. Attackers can access sensitive resources witho...

This vulnerability allows attackers to obtain server version information from BLU-IC2 and BLU-IC4 devices. This information disclosure can facilitate ...

An unauthenticated remote code execution vulnerability in Oracle Marketing (part of Oracle E-Business Suite) allows attackers to completely compromise...

This critical vulnerability in Oracle Identity Manager allows unauthenticated attackers to remotely compromise the system via HTTP requests, leading t...

This critical vulnerability in Oracle Marketing allows unauthenticated attackers with network access via HTTP to completely compromise the Oracle Mark...

An unauthenticated remote code execution vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows attackers to complet...

CVE-2025-62586 is a critical authentication bypass vulnerability in OPEXUS FOIAXpress that allows remote, unauthenticated attackers to reset administr...

This vulnerability allows unauthenticated attackers to generate administrative access tokens in WSO2 API Manager by exploiting missing authentication/...

An information disclosure vulnerability in TeleControl Server Basic V3.1 allows unauthenticated remote attackers to obtain password hashes and use the...

This critical vulnerability in Azure Entra ID (formerly Azure Active Directory) allows attackers to elevate privileges within cloud identity systems. ...

CVE-2025-35050 is a critical remote code execution vulnerability in Newforma Info Exchange (NIX) that allows unauthenticated attackers to execute arbi...

This vulnerability allows unauthenticated remote attackers to take over administrative control of Vasion Print (formerly PrinterLogic) systems during ...

Vasion Print (formerly PrinterLogic) Virtual Appliance exposes unauthenticated REST API endpoints that leak configuration files, clear-text passwords,...

This vulnerability allows unauthenticated attackers to access all internal Docker containers in Vasion Print (formerly PrinterLogic) deployments, bypa...

This vulnerability allows attackers to capture SSH private keys from compromised Docker containers in Vasion Print deployments due to insecure SSH cli...

This vulnerability exposes a web application's database without authentication, allowing unauthenticated remote attackers to directly access and poten...

Blackmagic Web Presenter version 3.3 exposes an unauthenticated Telnet service on port 9977, allowing remote attackers to manipulate stream settings a...

Planet Technology Industrial Cellular Gateways have a missing authentication vulnerability that allows unauthenticated remote attackers to manipulate ...

CVE-2025-10452 is a critical Missing Authentication vulnerability in Gotac's Statistical Database System that allows unauthenticated remote attackers ...

This vulnerability in Flowise allows unauthenticated attackers to generate password reset tokens for any user account, leading to complete account tak...

This vulnerability allows remote attackers to access deployment functionality in SUNNET Corporate Training Management System without authentication. A...

CVE-2025-8861 is a critical Missing Authentication vulnerability in TSA software developed by Changing. Unauthenticated remote attackers can directly ...

An authentication bypass vulnerability in Securden Unified PAM allows unauthenticated attackers to access administrator backup functions. This exposes...

CVE-2025-9254 is a critical authentication bypass vulnerability in WebITR software developed by Uniong. Unauthenticated remote attackers can exploit t...

A Missing Authentication for Critical Function vulnerability in UniFi Connect EV Station Pro allows attackers with physical or adjacent network access...

CVE-2025-51543 is an authentication bypass vulnerability in Cicool builder that allows unauthenticated attackers to reset the administrator password v...

CVE-2025-5095 is an authentication bypass vulnerability in Burk Technology ARC Solo devices that allows unauthenticated attackers to change passwords ...

CVE-2025-8284 is a critical authentication bypass vulnerability in Packet Power Monitoring and Control Web Interface that allows unauthenticated acces...

This vulnerability allows unauthenticated attackers to reset user credentials on affected thermostats by manipulating elements in the embedded web int...

This critical vulnerability in SINEC NMS allows unauthenticated attackers to reset the superadmin password through an exposed endpoint, granting them ...

Missing authentication checks in the query.fcgi endpoint of NovelSat NS3000 and NS2000 satellite modems allow attackers to hijack active sessions with...

This authentication bypass vulnerability in GFI Kerio Control allows unauthenticated attackers to gain full administrative access to the firewall appl...

This critical vulnerability in GFI Kerio Control allows attackers with administrative access to upload malicious firmware images and execute arbitrary...

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented, unauthenticated target communication framework (TCF) interface on a speci...

CVE-2025-3699 is a critical authentication bypass vulnerability affecting multiple Mitsubishi Electric air conditioning control systems. Unauthenticat...

Instantel Micromate devices have an unauthenticated configuration port that allows attackers to execute arbitrary commands if they can connect to it. ...