CWE-306: Missing Authentication

Multiple IP camera devices from UDP Technology, Geutebrück, and other vendors allow unauthenticated remote attackers to access sensitive files due to...

CVE-2021-28913 allows unauthenticated attackers to retrieve a hard-coded unique string from BAB TECHNOLOGIE GmbH eibPort V3 devices via the /webif/Sec...

CVE-2021-37415 is an authentication bypass vulnerability in Zoho ManageEngine ServiceDesk Plus where certain REST-API URLs don't require authenticatio...

CVE-2021-37843 is an authentication bypass vulnerability in resolution SAML SSO apps for Atlassian products that allows remote attackers to log into u...

This vulnerability allows attackers to bypass authentication on Schneider Electric Easergy T200 devices, enabling unauthorized control of critical pow...

CVE-2021-36124 is an authentication bypass vulnerability in Echo ShareCare 8.15.5 that allows unauthenticated attackers to access sensitive resources ...

CVE-2021-33221 exposes unauthenticated API endpoints in CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, allowing attackers to bypass aut...

This vulnerability allows remote attackers to gain unauthorized access to SIMATIC HMI Comfort Panels and SINAMICS Medium Voltage Products via unauthen...

CVE-2021-30190 is an improper access control vulnerability in CODESYS V2 Web-Server that allows unauthenticated attackers to bypass authentication and...

CVE-2021-29203 is a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager that allows remote attackers to execute arbitr...

This vulnerability allows unauthenticated attackers to enable ADB over TCP on Libre Wireless LS9 devices, granting them root access. Any LS9 device wi...

CVE-2021-20697 is an authentication bypass vulnerability in D-Link DAP-1880AC access points. It allows remote attackers to gain administrative access ...

CVE-2020-25218 allows attackers to bypass authentication on Grandstream GRP261x VoIP phones' administrative web interface, granting full administrativ...

This vulnerability allows authentication bypass in genua genugate firewall appliances. Attackers can log into admin panels as any user, including root...

Multiple vulnerabilities in Cisco Application Services Engine allow unauthenticated remote attackers to gain privileged access to host-level operation...

CVE-2021-22652 is an unauthenticated remote code execution vulnerability in Advantech iView industrial monitoring software. Attackers can access confi...

This vulnerability allows remote attackers to gain full administrative access to affected Siemens industrial control devices without authentication wh...

CVE-2020-14245 is an authentication bypass vulnerability in HCL OneTest UI that allows unauthenticated attackers to access functionality requiring use...

CVE-2020-29165 is an incorrect access control vulnerability in PacsOne Server that allows remote attackers to gain administrator privileges. This affe...

CVE-2020-23448 is an authentication bypass vulnerability in newbee-mall e-commerce platform that allows remote attackers to gain administrative privil...

CVE-2020-4958 is an authentication bypass vulnerability in IBM Security Identity Governance and Intelligence that allows unauthenticated attackers to ...

This vulnerability allows remote attackers to gain root access to systems running affected Plone Docker images by using a blank password for the root ...

This vulnerability allows remote attackers to gain root access to systems running affected Vault Docker images by using a blank password. It affects a...

This vulnerability allows remote attackers to gain root access to systems running affected HAProxy Docker images by using a blank password. It affects...

This vulnerability allows remote attackers to gain root access to systems running affected memcached Docker images by using a blank password. It affec...

This vulnerability allows remote attackers to gain root access to systems running affected Composer Docker images by using a blank password. Anyone us...

CVE-2020-35185 allows remote attackers to gain root access to systems running vulnerable Ghost Docker images by using a blank password. This affects d...

This vulnerability allows remote attackers to gain root access to Kong Docker containers by using a blank password for the root user. Systems running ...

CVE-2020-28929 allows unauthenticated attackers to remotely download server logs containing administrative hashed credentials via a specific URI in EP...

This vulnerability affects SonarQube Docker images based on Alpine Linux that have a blank root password. Attackers can gain root access to containers...

The Software AG Terracotta Server OSS Docker image version 5.4.1 has a blank root password, allowing remote attackers to gain root access without auth...

CVE-2020-35464 is a critical authentication bypass vulnerability in Weave Cloud Agent Docker image version 1.3.0 where the root user has a blank passw...

The Blackfire Docker image through December 14, 2020 contains a blank root password, allowing remote attackers to gain root access without authenticat...

CVE-2020-35462 allows remote attackers to gain root access to systems running CoScale agent Docker image version 3.16.0 by using a blank password for ...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on Schneider Electric Modicon PLCs via specially crafted HTTP reques...

This vulnerability allows attackers to gain root access to Crux Linux Docker containers by using a blank password for the root account. Systems using ...

This vulnerability allows attackers to retrieve cleartext web-server credentials by making specific CGI requests to affected CDATA optical line termin...

CVE-2020-3531 allows unauthenticated remote attackers to access the back-end database of Cisco IoT Field Network Director (FND) due to improper REST A...

CVE-2020-13927 is a critical authentication bypass vulnerability in Apache Airflow's Experimental API that allows unauthenticated remote attackers to ...

This CVE allows unauthenticated attackers to gain administrative control over affected Pepperl+Fuchs industrial network devices. Attackers can bypass ...

This vulnerability allows unauthenticated attackers to upload malicious firmware to HiSilicon-based video encoders, potentially leading to remote code...

This vulnerability in ZTE networking products allows attackers to bypass authentication through brute-force attacks due to missing access control mech...

CVE-2020-15851 is a critical access control vulnerability in Nakivo Backup & Replication Transporter that allows remote attackers to access unencrypte...

CVE-2020-11856 is a critical remote code execution vulnerability in Micro Focus Operation Bridge Reporter versions 10.40 and earlier. Attackers can ex...

The VR CAM P1 Model P1 v1 has an incorrect access control vulnerability that allows unauthenticated remote attackers to gain complete administrative c...

This vulnerability allows unauthenticated attackers to upload malicious firmware through a public update page. This could lead to backdoor installatio...

Vilo 5 Mesh WiFi System versions up to 5.16.1.33 have an insecure custom TCP service on port 5432 that lacks authentication. Remote attackers can expl...

This vulnerability in GitLab EE allows attackers to run CI/CD pipelines on arbitrary branches, bypassing branch protection rules. It affects GitLab EE...

CVE-2024-22212 is an authentication bypass vulnerability in Nextcloud Global Site Selector that allows attackers to authenticate as any user due to a ...

This vulnerability allows any workload in a Kubernetes cluster running vulnerable SUSE Longhorn versions to execute arbitrary binaries from container ...