CWE-306: Missing Authentication

Vilo 5 Mesh WiFi System versions up to 5.16.1.33 have an insecure custom TCP service on port 5432 that lacks authentication. Remote attackers can expl...

This vulnerability in GitLab EE allows attackers to run CI/CD pipelines on arbitrary branches, bypassing branch protection rules. It affects GitLab EE...

CVE-2024-22212 is an authentication bypass vulnerability in Nextcloud Global Site Selector that allows attackers to authenticate as any user due to a ...

This vulnerability allows any workload in a Kubernetes cluster running vulnerable SUSE Longhorn versions to execute arbitrary binaries from container ...

CVE-2021-3825 is a critical configuration exposure vulnerability in LiderAhenk's Lider module that allows attackers to retrieve LDAP credentials via a...

This vulnerability allows unauthenticated attackers to impersonate legitimate charging stations by connecting to WebSocket endpoints without proper au...

This CVE describes a critical authentication bypass vulnerability in WebSocket endpoints used for OCPP (Open Charge Point Protocol) communication. Att...

This vulnerability allows unauthenticated attackers to impersonate legitimate charging stations by connecting to WebSocket endpoints without proper au...

The Aptsys POS Platform Web Services module exposes internal API testing tools to unauthenticated users, allowing attackers to discover and execute cr...

This vulnerability allows unauthenticated attackers to establish WebSocket connections to affected systems, bypassing authentication entirely. Attacke...

This vulnerability allows unauthenticated attackers to access camera configuration information, including account credentials, by exploiting a specifi...

PubNet versions before 1.1.3 allow unauthenticated attackers to upload packages as any user by manipulating the author-id parameter in the /api/storag...

This vulnerability allows unauthenticated remote attackers to bypass authentication in Cisco Unified CCX's Contact Center Express Editor, gaining admi...

IROAD Dashcam FX2 devices lack authentication on HTTP and RTSP interfaces, allowing attackers to download stored video recordings and view live footag...

This vulnerability allows unauthenticated attackers to configure LDAP settings in WhatsUp Gold, potentially enabling them to redirect authentication t...

This authentication bypass vulnerability in Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor allows attackers to bypass authen...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on affected Moxa devices due to missing authentication checks in the...

CVE-2022-43761 is a critical authentication bypass vulnerability in B&R APROL industrial automation systems. It allows unauthenticated attackers to re...

CVE-2022-26833 is an improper authentication vulnerability in Open Automation Software OAS Platform that allows unauthenticated attackers to access th...

This vulnerability allows remote attackers to bypass authentication on Rubetek security cameras' Telnet service, gaining unauthorized access to RTSP a...

This vulnerability allows remote attackers to perform administrative operations without authentication in ProjectWorlds Online Time Table Generator 1....

This authentication bypass vulnerability in JetBrains Hub allows attackers to perform administrative actions without proper credentials. All organizat...

CVE-2026-2234 is a missing authentication vulnerability in HGiga's C&Cm@il software that allows unauthenticated remote attackers to read and modify an...

MOMA Seismic Station versions v2.4.2520 and earlier expose their web management interface without requiring authentication. This allows unauthenticate...

The NixOS Odoo package exposes the database manager without authentication, allowing unauthorized actors to delete or download the entire database and...

CVE-2026-21445 is a critical authentication bypass vulnerability in Langflow that allows unauthenticated attackers to access sensitive user conversati...

AVideo versions before 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Attackers can upload mali...

Dragonfly Manager web UI endpoints /api/v1/jobs and /preheats lack authentication in versions before 2.1.0, allowing unauthenticated attackers to crea...

KuWFi CPF908-CP5 devices running WEB5.0_LCD_20210125 firmware have unauthenticated API endpoints that allow attackers to access sensitive information,...

Quantenna Wi-Fi chips have an unauthenticated telnet interface enabled by default, allowing attackers to remotely access and control affected devices ...

CVE-2025-40664 is a missing authentication vulnerability in TCMAN GIM v11 that allows unauthenticated attackers to access user management endpoints. T...

The ZONG YU Parking Management System has missing authentication on specific APIs, allowing unauthenticated remote attackers to operate critical syste...

An unauthenticated remote attacker can exploit this vulnerability to gain unauthorized access to the cloud API on affected devices due to missing auth...

An authentication bypass vulnerability in Palo Alto Networks PAN-OS software allows unauthenticated attackers with network access to the management we...

CVE-2025-26361 allows unauthenticated remote attackers to factory reset Q-Free MaxTime devices via crafted HTTP requests due to missing authentication...

This vulnerability in PutongOJ online judging software allows unprivileged users to escalate privileges by constructing malicious requests. Attackers ...

CVE-2024-35293 is a critical missing authentication vulnerability in Schneider Electric devices that allows unauthenticated remote attackers to reboot...

This CVE describes an authentication bypass vulnerability in WatchGuard's Single Sign-On system. Attackers can exploit incorrect authorization in prot...

PTZOptics PT30X-SDI/NDI cameras with firmware before 6.3.40 have an authentication bypass vulnerability in the param.cgi endpoint. Attackers can remot...

This vulnerability allows unauthenticated attackers to import malicious database files into the anything-llm application, potentially deleting or spoo...

CVE-2020-26942 is an authentication bypass vulnerability in Axigen Mail Server that allows unauthenticated attackers to reset the administrator passwo...

This vulnerability allows remote attackers to read and modify data without authentication due to improper access control in the nasSvr.php component o...

This vulnerability allows attackers to bypass access controls on the 70mai A500S driving recorder and directly delete video files via FTP and other pr...

This vulnerability allows attackers to bypass authentication mechanisms in Acronis Cyber Protect 15, potentially leading to unauthorized access, sensi...

CVE-2023-43644 is an authentication bypass vulnerability in sing-box proxy software that allows attackers to bypass SOCKS5 inbound authentication. Thi...

Saho ADM100 and ADM-100FP attendance devices have insufficient authentication, allowing unauthenticated remote attackers to bypass authentication and ...

This vulnerability in LS ELECTRIC XBC-DN32U programmable logic controllers allows unauthenticated attackers to delete arbitrary files on the device. T...

This vulnerability allows unauthenticated attackers to create administrative accounts on LS ELECTRIC XBC-DN32U PLCs running OS version 01.80. Attacker...

HashiCorp Vault Enterprise clusters using Integrated Storage expose an unauthenticated API endpoint that allows attackers to override a node's voter s...

CVE-2022-29951 is an authentication bypass vulnerability in JTEKT TOYOPUC PLCs that allows attackers to execute engineering functions without credenti...