CWE-306: Missing Authentication

This CVE describes an authentication bypass vulnerability in VMware Cloud Director Appliance 10.5 when upgraded from older versions. Attackers with ne...

This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to completely comp...

This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to completely comp...

This vulnerability in Huawei's APPWidget module allows apps to run without proper authorization due to insufficient permission verification. It affect...

SAP PowerDesigner 16.7 has an improper access control vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries against the...

CVE-2023-36669 is a critical authentication bypass vulnerability in Kratos NGC Indoor Units (IDU) that allows remote attackers to impersonate the Touc...

This critical vulnerability in STW TCG-4 and TCG-4lite connectivity modules allows unauthenticated attackers to gain full root access via SMS over LTE...

CVE-2023-35854 is an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus that allows attackers to steal domain controller sess...

CVE-2023-27396 affects OMRON FINS protocol implementations, allowing attackers to intercept plaintext communications and inject arbitrary commands wit...

The Wordable WordPress plugin up to version 3.1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain admini...

The MStore API WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to create administrator accounts, del...

The BP Social Connect WordPress plugin versions up to 1.5 have an authentication bypass vulnerability that allows unauthenticated attackers to log in ...

CVE-2023-1096 is a critical authentication bypass vulnerability in NetApp SnapCenter that allows remote unauthenticated attackers to gain administrati...

An unauthenticated remote attacker can execute arbitrary code with full privileges on Cisco SPA112 2-Port Phone Adapters by exploiting a missing authe...

Moxa MiiNePort E1 devices have an insufficient access control vulnerability that allows unauthenticated remote attackers to perform arbitrary system o...

This critical vulnerability in MAXTECH MAX-G866ac routers allows remote attackers to access the remote management interface without authentication. At...

This vulnerability allows unauthenticated attackers to change administrative credentials via the Java RMI interface, potentially leading to remote cod...

CVE-2022-41331 allows remote unauthenticated attackers to access Redis and MongoDB databases in FortiPresence infrastructure servers. This affects org...

This critical authentication bypass vulnerability in Ivanti Avalanche allows remote attackers to gain unauthorized access without credentials. The fla...

This vulnerability allows attackers to elevate their privileges in any Apache OpenMeetings room, potentially gaining administrative control. It affect...

This vulnerability in Delta Electronics InfraSuite Device Master allows unauthenticated remote attackers to execute arbitrary code with administrator ...

LightCMS v1.3.7 contains a remote code execution vulnerability in the image:make function that allows attackers to execute arbitrary code on the serve...

An unauthenticated remote attacker can create arbitrary administrative users on ClearPass Policy Manager's web interface, leading to complete cluster ...

This vulnerability allows attackers to execute arbitrary WGET commands through the Network Diagnosis endpoint, leading to privilege escalation on affe...

CVE-2022-45138 is an authentication bypass vulnerability in the web-based management configuration backend, allowing unauthenticated attackers to read...

CVE-2022-45140 allows unauthenticated attackers to write arbitrary data with root privileges to the configuration backend storage. This can lead to re...

This critical vulnerability in SICK FX0-GPNT firmware allows unauthenticated remote attackers to execute arbitrary code by sending specially crafted R...

CVE-2022-42970 is a critical authentication bypass vulnerability in APC/Schneider Electric Easy UPS Online Monitoring Software that allows unauthentic...

CVE-2022-20857 is a critical vulnerability in Cisco Nexus Dashboard that allows unauthenticated remote attackers to execute arbitrary commands, read/u...

CVE-2022-20861 allows unauthenticated remote attackers to execute arbitrary commands, read/upload container images, or perform CSRF attacks on Cisco N...

CVE-2022-24562 allows unauthenticated attackers to send GET/POST requests to Airserv in IOBit IOTransfer, granting them full file-system read/write ac...

AriaNg versions 0.1.0 through 1.2.2 have an authentication bypass vulnerability that allows unauthenticated users to access the web interface and cont...

This vulnerability allows unauthenticated attackers to create administrative user accounts in SICAM GridEdge Classic systems. All versions before V2.6...

This vulnerability allows unauthenticated access to Grafana Enterprise Logs querier component when X-Scope-OrgID header is used, bypassing authenticat...

CVE-2022-1388 is an authentication bypass vulnerability in F5 BIG-IP's iControl REST API that allows unauthenticated attackers to execute arbitrary sy...

Multiple TRUMPF TruTops products expose an unauthenticated service function that allows attackers to execute unauthorized actions. This vulnerability ...

CVE-2022-28719 is a critical authentication bypass vulnerability in AssetView management software that allows unauthenticated remote attackers to uplo...

The SiteGround Security plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as administrat...

This vulnerability allows unauthenticated attackers to access sensitive pages and modify admin configurations on Totolink A3100R routers. It affects a...

CVE-2022-26501 is an incorrect access control vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to execute arbitrary c...

This vulnerability allows remote attackers to access the 'wx.html' page on WAVLINK AC1200 routers without authentication, granting them friend-level a...

CVE-2022-25251 is an authentication bypass vulnerability in Axeda agent and Desktop Server for Windows that allows remote unauthenticated attackers to...

MCMS versions up to 5.2.5 contain a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary ...

This critical vulnerability in Oracle Access Manager allows unauthenticated attackers to remotely compromise the system via HTTP requests, potentially...

This critical vulnerability in NUUO NVRmini2 network video recorders allows unauthenticated attackers to upload encrypted TAR archives to add arbitrar...

This vulnerability allows unauthenticated attackers to change the administrator password on Trendnet AC2600 TEW-827DRU routers. Attackers can exploit ...

This vulnerability allows attackers to bypass authentication in Apache APISIX Dashboard by directly accessing APIs through the gin framework interface...

CVE-2021-44077 is an unauthenticated remote code execution vulnerability in Zoho ManageEngine products. Attackers can exploit this via specific REST A...

This vulnerability allows unauthenticated attackers to execute administrative actions on D-Link DWR-932C E1 routers by exploiting a missing authentica...

CVE-2021-20136 is an unauthenticated remote code execution vulnerability in ManageEngine Log360. Attackers can overwrite the database configuration to...