CWE-306: Missing Authentication

This vulnerability allows attackers who know an existing admin account name to bypass authentication and gain full administrative access to affected F...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on affected devices due to missing authentication on...

The Okcat Parking Management Platform web management interface lacks authentication controls, allowing unauthenticated remote attackers to directly ac...

This critical vulnerability allows unauthenticated attackers to create administrator accounts on affected WGS network devices without any credentials....

This critical vulnerability in Oracle E-Business Suite's iSurvey Module allows unauthenticated attackers to remotely execute arbitrary code and comple...

This critical vulnerability allows attackers to modify or disable settings in Automated Tank Gauging (ATG) systems, disrupting fuel monitoring and sup...

CVE-2025-3248 is an unauthenticated remote code execution vulnerability in Langflow's /api/v1/validate/code endpoint. Attackers can send crafted HTTP ...

The Anything-LLM desktop application for Windows opens port 3001 on all network interfaces (0.0.0.0) without authentication by default. This allows at...

This critical vulnerability in Vasion Print (formerly PrinterLogic) allows unauthenticated attackers to create partial admin user accounts. Affected o...

This vulnerability allows unauthenticated attackers to edit driver packages in Vasion Print (formerly PrinterLogic) systems. Attackers can upload mali...

Orthanc server versions before 1.5.8 have remote access enabled without basic authentication by default, allowing attackers to access medical imaging ...

This vulnerability allows unauthenticated remote attackers to reset user PINs in Q-Free MaxTime systems via crafted HTTP requests. It affects all Q-Fr...

This vulnerability allows unauthenticated remote attackers to enable passwordless guest mode in Q-Free MaxTime systems via crafted HTTP requests. It a...

This vulnerability allows unauthenticated remote attackers to edit user permissions in Q-Free MaxTime traffic management systems via crafted HTTP requ...

This vulnerability allows unauthenticated remote attackers to send crafted HTTP requests to Q-Free MaxTime traffic management systems, potentially com...

This vulnerability allows unauthenticated remote attackers to reset arbitrary user passwords in Q-Free MaxTime systems via crafted HTTP requests. It a...

CVE-2025-21535 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to remotely execute arbitrary code and comp...

This critical vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers with network access via HTTP to completely compr...

This vulnerability allows attackers to bypass authentication on Quectel BC95-CNV cellular modules by sending specially crafted NAS (Non-Access Stratum...

CVE-2024-11680 is an authentication bypass vulnerability in ProjectSend file sharing software. Unauthenticated attackers can modify application config...

This vulnerability exposes an administrative interface on all network interfaces without authentication, allowing unauthenticated remote attackers to ...

This critical vulnerability in QNAP Notes Station 3 allows remote attackers to bypass authentication and execute privileged functions without credenti...

CVE-2024-21855 is an unauthenticated remote code execution vulnerability in GoCast 1.1.3's HTTP API. Attackers can send specially crafted HTTP request...

An authentication bypass vulnerability in Palo Alto Networks PAN-OS software allows unauthenticated attackers with network access to the management we...

This vulnerability allows attackers to bypass access controls in Cybele Software Thinfinity Workspace's WebSocket API endpoint, potentially enabling u...

CVE-2024-10386 is a critical authentication vulnerability in Rockwell Automation products that allows unauthenticated attackers with network access to...

This critical vulnerability in FortiManager allows unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. It ...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on affected devices via UDP packets...

CVE-2024-9984 is an authentication bypass vulnerability in Ragic Enterprise Cloud Database that allows unauthenticated remote attackers to steal any u...

This critical vulnerability allows unauthenticated remote attackers to download and upload firmware and system configurations on affected PLANET Techn...

CVE-2024-8310 is an authentication bypass vulnerability in OPW Fuel Management Systems SiteSentinel that allows attackers to gain full administrative ...

CVE-2024-7015 is a critical authentication bypass vulnerability in Profelis Informatics and Consulting PassBox that allows attackers to access sensiti...

Orca HCM from LEARNING DIGITAL has a critical missing authentication vulnerability that allows unauthenticated remote attackers to create administrato...

This CVE describes a critical authentication and authorization bypass vulnerability in Menulux Information Technologies Management Portal that allows ...

CVE-2024-36445 allows remote attackers to gain root shell access on Swissphone DiCal-RED 4009 devices via unauthenticated TELNET. This affects organiz...

CVE-2024-42462 is an authentication bypass vulnerability in upKeeper Manager that allows attackers to circumvent multi-factor authentication. This aff...

CVE-2024-5910 is a critical authentication bypass vulnerability in Palo Alto Networks Expedition that allows unauthenticated attackers with network ac...

CVE-2024-6422 allows unauthenticated remote attackers to manipulate devices via Telnet, enabling them to stop processes, read, delete, and modify data...

This vulnerability allows unauthenticated remote attackers to access PDNU REST APIs in CyberPower PowerPanel Enterprise, potentially leading to applic...

CVE-2023-42121 is a critical authentication bypass vulnerability in Control Web Panel that allows remote attackers to execute arbitrary code without a...

This critical vulnerability in Triangle MicroWorks SCADA Data Gateway allows remote attackers to bypass authentication completely and execute arbitrar...

This critical vulnerability in Oracle Hospitality Simphony allows unauthenticated attackers with network access via HTTP to completely compromise the ...

This vulnerability allows attackers to bypass authentication in the com.transsion.kolun.aiservice system application on Tecno/Infinix devices. Attacke...

CVE-2024-3777 is a critical authentication bypass vulnerability in Ai3 QbiBot's password reset feature. Unauthenticated remote attackers can reset any...

CVE-2023-1083 allows unauthenticated remote attackers to send and receive MQTT messages on vulnerable systems, enabling them to execute configuration ...

This vulnerability allows authenticated users with PAM access in Devolutions Server to bypass permission controls and view unauthorized PAM entries. I...

CVE-2023-5716 is a critical vulnerability in ASUS Armoury Crate software that allows remote attackers to write arbitrary files to the system without a...

This vulnerability allows unauthenticated attackers to execute commands with administrative privileges on affected routers by exploiting shared sessio...

This vulnerability in Heimdal Thor agent allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information throug...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on NETGEAR ProSAFE Network Management System devices by exploitin...