CWE-306: Missing Authentication
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
All Missing Authentication CVEs (675)
This vulnerability allows unauthenticated remote attackers to gain root access to affected Hero Qubo HCD01_02 devices via TELNET. The devices have TEL... (Jul 4, 2023)
This vulnerability allows unauthenticated attackers to create malicious report files in IGSS project directories via the Data Server TCP interface. Wh... (Mar 21, 2023)
CVE-2022-32251 is an authentication bypass vulnerability in Siemens SINEMA Remote Connect Server that allows attackers to modify user permissions with... (Jun 14, 2022)
The Dr Trust USA iCheck Connect BP Monitor version 1.2.1 lacks proper authentication mechanisms, allowing unauthorized access to device functions and ... (Apr 7, 2022)
CVE-2021-33008 is an authentication bypass vulnerability in AVEVA System Platform versions 2017 through 2020 R2 P01. It allows unauthenticated attacke... (Apr 4, 2022)
This CVE describes a missing authentication mechanism in totolink EX300_v2 and EX1200T routers, allowing attackers to access administrative functions ... (Mar 30, 2022)
This vulnerability allows attackers on the local network to bypass password protection on Bosch AMC2 device configuration tools, enabling unauthorized... (Jan 19, 2022)
This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privileges on NETGEAR R7800 routers. The flaw exists in... (Mar 5, 2021)
This vulnerability in HTCondor allows authenticated users to submit jobs as other users on the system due to a flaw in the IDTOKENS authentication met... (Jan 27, 2021)
The NVIDIA Delegated Licensing Service vulnerability allows authenticated users or attackers to perform unauthorized actions, potentially leading to i... (Sep 30, 2025)
This vulnerability allows attackers to execute arbitrary GraphQL queries on GitLab Language Server due to insufficient input validation. This could le... (Jul 28, 2025)
This vulnerability allows attackers to elevate privileges in Payment Orchestrator Service, potentially gaining unauthorized access to payment processi... (Mar 5, 2026)
An unauthenticated denial of service vulnerability exists in Socomec DIRIS Digiware M-70 devices running version 1.6.9. Attackers can send specially c... (Dec 1, 2025)
An unauthenticated denial-of-service vulnerability exists in Socomec DIRIS Digiware M-70 devices running version 1.6.9. Attackers can send specially c... (Dec 1, 2025)
An unauthenticated denial-of-service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 devices. Attackers c... (Dec 1, 2025)
An unauthenticated denial-of-service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 devices. Attackers can send s... (Dec 1, 2025)
This CVE describes an unauthenticated server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host ... (Sep 29, 2025)
This CVE describes an unauthenticated server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host ... (Sep 29, 2025)
CVE-2025-21355 is a missing authentication vulnerability in Microsoft Bing that allows unauthorized attackers to execute arbitrary code over the netwo... (Feb 19, 2025)
CVE-2024-12757 is an authentication bypass vulnerability in Nedap Librix Ecoreader that allows unauthenticated attackers to access critical functions.... (Jan 17, 2025)
This vulnerability allows unauthenticated attackers to access configuration data of managed devices by sending specially crafted packets to Fortinet F... (Jan 14, 2025)
Billion Electric routers have a missing authentication vulnerability that allows unauthenticated remote attackers to access administrative functions. ... (Nov 29, 2024)
Chisel servers using the AUTH environment variable for authentication are vulnerable to complete authentication bypass, allowing any unauthenticated u... (Aug 26, 2024)
This vulnerability allows remote attackers to bypass authentication on Seiko Solutions SkyBridge devices, enabling unauthorized access to critical fun... (May 10, 2023)
This vulnerability in the femanager extension for TYPO3 allows unauthenticated attackers to reset passwords for all frontend users due to missing acce... (Feb 2, 2023)
CVE-2021-41266 is an authentication bypass vulnerability in MinIO Console when external identity provider (IDP) authentication is enabled. Attackers c... (Nov 15, 2021)
CVE-2021-29442 is an authentication bypass vulnerability in Nacos that allows unauthenticated attackers to access the /derby endpoint, enabling databa... (Apr 27, 2021)
This vulnerability allows attackers to bypass authentication in HYPR Server by exploiting missing authentication checks in Legacy APIs. It affects all... (May 23, 2023)
Saturn Remote Mouse Server has a critical command injection vulnerability that allows unauthenticated attackers on the local network to execute arbitr... (Feb 18, 2026)
This vulnerability allows unauthenticated attackers to delete directories via the uninstall API endpoint in parisneo/lollms-webui. Attackers can explo... (Mar 20, 2025)
This vulnerability allows attackers to bypass SSH authentication in GE Vernova Enervista UR Setup software, enabling man-in-the-middle attacks. Attack... (Mar 10, 2025)
An improper access control vulnerability in Fortra's FileCatalyst Workflow component allows unauthenticated attackers to upload arbitrary files via th... (Aug 19, 2025)
An unauthenticated remote attacker can exploit this SNMP vulnerability to access process information and trigger a system reboot via watchdog. This af... (May 26, 2025)
A missing authentication vulnerability in AssetView and AssetView CLOUD allows unauthenticated remote attackers to access and delete files on the serv... (Apr 2, 2025)
This vulnerability in open-webui v0.3.10 allows unauthenticated attackers to access the PDF generation endpoint, potentially causing denial of service... (Mar 20, 2025)
This vulnerability allows unauthorized users to deploy, remove, start, reload, or stop Lua applications via AppManager in SICK products. Attackers can... (Dec 6, 2024)
Apache Pulsar Proxy has an improper authentication vulnerability that allows unauthenticated access to the /proxy-stats endpoint. This exposes connect... (Mar 12, 2024)
LOYTEC building automation devices lack authentication for the LWEB-802 web interface via specific URIs, allowing unauthenticated attackers to modify ... (Nov 4, 2023)
This vulnerability allows attackers to execute arbitrary commands on managed devices through the SEL-5037 Grid Configurator without proper authenticat... (Aug 31, 2023)
This vulnerability allows attackers to bypass authentication in affected products, potentially enabling them to read or modify sensitive data, execute... (Jul 22, 2022)
CVE-2021-27963 is an authentication bypass vulnerability in SonLogger that allows unauthenticated attackers to create new user accounts with administr... (Mar 5, 2021)
OpenClaw versions before 2026.2.2 have an authentication bypass vulnerability in the WebSocket gateway connection handshake. Attackers can connect wit... (Mar 5, 2026)
CVE-2025-7679 is an authentication bypass vulnerability in the ASPECT system that allows unauthorized users to access protected functionality without ... (Aug 11, 2025)
IBM Spectrum Protect Server versions 8.1 through 8.1.26 contain an authentication bypass vulnerability due to improper session authentication. Attacke... (Jun 20, 2025)
A vulnerability in Veeam Backup & Replication allows low-privileged authenticated users to exploit insecure deserialization via remoting services, ena... (Dec 4, 2024)
CVE-2024-5718 is an unauthenticated remote code execution vulnerability in Logsign Unified SecOps Platform's cluster HTTP API. Attackers can execute a... (Nov 22, 2024)
A low-privileged remote attacker can modify the boot mode configuration of affected devices, potentially altering firmware upgrade processes or causin... (Nov 18, 2024)
This vulnerability in Oracle Trade Management allows authenticated attackers with low privileges to perform unauthorized data manipulation and access ... (Jul 16, 2024)
This vulnerability allows unauthenticated attackers to bypass authentication in the User Email Verification for WooCommerce WordPress plugin by exploi... (Jun 3, 2023)
CVE-2022-26925 is a Windows Local Security Authority (LSA) spoofing vulnerability that allows an authenticated attacker to impersonate any user on a d... (May 10, 2022)
About Missing Authentication (CWE-306)
Our database tracks 675 CVEs classified as CWE-306, with 325 rated critical and 243 rated high severity. The average CVSS score for Missing Authentication vulnerabilities is 8.5.
External reference: View CWE-306 on MITRE CWE →