CWE-306: Missing Authentication
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
All Missing Authentication CVEs (675)
This vulnerability in SIMATIC Process Historian allows unauthenticated attackers to manipulate historical process data through an interface lacking au... (Oct 12, 2021)
This vulnerability allows remote attackers to execute arbitrary commands within running containers on OpenShift bootstrap nodes during cluster install... (Feb 23, 2021)
This vulnerability allows information disclosure when user-level drivers perform QFPROM read/write operations on Fuse regions in Qualcomm chipsets. It... (Nov 4, 2025)
This vulnerability allows attackers to restore system backups without proper permission validation, potentially leading to account takeover and unauth... (Oct 22, 2021)
SAP Plant Connectivity (PCo) 15.5 and Production Connector for SAP Digital Manufacturing 1.0 fail to validate JWT signatures in HTTP requests, allowin... (Jun 13, 2023)
This Android vulnerability allows malicious apps to launch activities from the background without proper permissions, enabling local privilege escalat... (Dec 8, 2025)
A missing authentication vulnerability in Synology BeeDrive desktop software allows local users to execute arbitrary code without proper authenticatio... (Dec 4, 2025)
This vulnerability allows local attackers to bypass authentication in Vasion Print (formerly PrinterLogic) by preloading a malicious shared object tha... (Sep 19, 2025)
This vulnerability allows an authenticated attacker on a Windows system to exploit a missing authentication check in the StateRepository API to elevat... (Aug 12, 2025)
This vulnerability allows a low-privileged local attacker to exploit improper permissions on nssm.exe (Non-Sucking Service Manager) to escalate privil... (Aug 12, 2025)
The Archify application on macOS contains a local privilege escalation vulnerability where any local process can connect to its privileged helper tool... (Jun 11, 2025)
This vulnerability allows local attackers to escalate privileges to SYSTEM level on Y Soft SAFEQ 6 servers. The JMX service on port 9696 lacks authent... (Oct 22, 2024)
This CVE describes an elevation of privilege vulnerability in the Windows Update Stack. An authenticated attacker could exploit this to gain SYSTEM-le... (Apr 9, 2024)
CVE-2022-43554 is a local privilege escalation vulnerability in Ivanti Avalanche Smart Device Service where missing authentication allows local attack... (Nov 3, 2023)
A local attacker can change the update source in IGSS Update Service without authentication, potentially leading to remote code execution by forcing u... (Sep 14, 2023)
This CVE describes a privilege escalation vulnerability in Cacti where low-privileged Windows users can create arbitrary PHP files in web directories ... (Sep 5, 2023)
This vulnerability allows unauthenticated remote attackers to execute arbitrary Python code with SYSTEM privileges on Inductive Automation Ignition in... (Jul 25, 2022)
This vulnerability allows an attacker to execute arbitrary code by tricking a user or system into opening a specially crafted DWG file. It affects app... (Jul 17, 2022)
CVE-2021-33658 is a privilege escalation vulnerability in atune where local users can use curl to access the atune URL interface without authenticatio... (Mar 11, 2022)
CVE-2022-24396 is an authentication bypass vulnerability in SAP FRUN Simple Diagnostics Agent versions 1.0 through 1.57. Attackers can access administ... (Mar 10, 2022)
This vulnerability allows an unauthenticated local attacker to send active help commands to Eclipse Platform processes, potentially executing arbitrar... (Mar 9, 2021)
OpenClaw sandbox browser bridge server accepts requests without gateway authentication, allowing local attackers to access browser control endpoints. ... (Mar 5, 2026)
CVE-2025-1272 is a Linux kernel vulnerability where lockdown mode is disabled without warning in Fedora Linux kernel versions 6.12+, allowing attacker... (Feb 18, 2026)
This vulnerability in JetBrains YouTrack allows unauthorized deletion of issues due to missing permission checks in the API. Any YouTrack instance wit... (May 20, 2025)
A missing authentication vulnerability in Samsung Galaxy Themes Service allows local attackers to delete arbitrary non-preloaded applications. This af... (Jul 6, 2023)
This vulnerability allows attackers to inject arbitrary keystrokes into JXL 9 Inch Car Android Double Din Player devices by spoofing a Bluetooth HID d... (Dec 4, 2025)
This vulnerability affects multiple Siemens LOGO! programmable logic controller models, allowing unauthenticated remote attackers to manipulate device... (Nov 11, 2025)
This vulnerability allows attackers with address book access to modify SMB/FTP settings on affected Xerox printers, potentially redirecting scans and ... (Feb 3, 2025)
This vulnerability allows attackers with physical access to the JTAG port on Nuki smart lock devices to bypass hardware and software security protecti... (May 14, 2024)
This vulnerability in Parse Dashboard's AI Agent API endpoint allows unauthenticated remote attackers to perform arbitrary read and write operations o... (Feb 25, 2026)
CVE-2026-27584 is an authentication bypass vulnerability in ActualBudget server that allows unauthenticated attackers to access sensitive bank account... (Feb 24, 2026)
OpenClaw versions 2026.2.13 and below with the @openclaw/voice-call plugin allow unauthenticated attackers to forge Telnyx webhook events when telnyx.... (Feb 19, 2026)
This vulnerability allows any pod within a Kubernetes cluster to send unauthorized AdmissionReview requests to Yoke's Air Traffic Controller webhook e... (Feb 12, 2026)
This vulnerability in Sliver C2 framework allows unauthenticated attackers to create unlimited DNS sessions without OTP validation, leading to memory ... (Feb 9, 2026)
CVE-2022-50977 allows unauthenticated remote attackers to disrupt operations by switching between multiple configuration presets via HTTP requests. Th... (Feb 2, 2026)
This vulnerability allows unauthenticated remote attackers to disrupt operations by switching between multiple configuration presets via Modbus TCP. I... (Feb 2, 2026)
This vulnerability allows remote attackers to download router configuration files without authentication on Tenda D151 and D301 routers. Attackers can... (Jan 21, 2026)
The Gotac Statistics Database System has a Missing Authentication vulnerability (CWE-306) that allows unauthenticated remote attackers to directly que... (Jan 16, 2026)
Vivotek IP7137 cameras with firmware version 0200a allow unauthenticated access to live RTSP video feeds on port 8554. This affects all users of these... (Jan 9, 2026)
This vulnerability allows unauthenticated remote attackers to access live radio stream information from SOUND4 IMPACT/FIRST/PULSE/Eco systems. Attacke... (Dec 30, 2025)
Pexip Infinity installations before version 39.0 have an internal API vulnerability where critical functions lack authentication. This allows an attac... (Dec 25, 2025)
CVE-2025-3232 is an authentication bypass vulnerability in Mitsubishi Electric products that allows remote unauthenticated attackers to execute arbitr... (Dec 24, 2025)
D-Link DSL-124 routers running ME_1.00 firmware contain an unauthenticated configuration file disclosure vulnerability. Attackers can retrieve complet... (Dec 22, 2025)
This authentication bypass vulnerability in Screen SFT DAB 600/C devices allows attackers to reset device configurations without valid credentials by ... (Dec 22, 2025)
This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change the admin password without providing current cred... (Dec 22, 2025)
This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change user passwords without proper authentication by e... (Dec 22, 2025)
An authentication bypass vulnerability in Open-WebUI's /api/config endpoint allows unauthenticated remote attackers to access sensitive system configu... (Dec 18, 2025)
This vulnerability allows unauthenticated attackers to cause denial of service on Socomec DIRIS Digiware M-70 devices by sending a specific sequence o... (Dec 1, 2025)
This vulnerability allows unauthenticated attackers to cause denial of service on Socomec DIRIS Digiware M-70 devices by sending a specially crafted M... (Dec 1, 2025)
This vulnerability allows unauthenticated attackers to cause denial of service on Socomec DIRIS Digiware M-70 devices by sending a specific sequence o... (Dec 1, 2025)
About Missing Authentication (CWE-306)
Our database tracks 675 CVEs classified as CWE-306, with 325 rated critical and 243 rated high severity. The average CVSS score for Missing Authentication vulnerabilities is 8.5.
External reference: View CWE-306 on MITRE CWE →