Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-30167

Summary
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
Published At-28 Apr, 2021 | 09:30
Updated At-17 Sep, 2024 | 02:32
Rejected At-
Credits

MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:twcert
Assigner Org ID:cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
Published At:28 Apr, 2021 | 09:30
Updated At:17 Sep, 2024 | 02:32
Rejected At:
▼CVE Numbering Authority (CNA)
MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Affected Products
Vendor
MERIT LILIN ENT.CO.,LTD.
Product
P2/Z2/P3/Z3 IP camera firmware
Versions
Affected
  • From unspecified through 7.1.94.8908 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-522CWE-522 Insufficiently Protected Credentials
Type: CWE
CWE ID: CWE-522
Description: CWE-522 Insufficiently Protected Credentials
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update P2/Z2/P3/Z3 IP camera firmware to SVN9695.

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
x_refsource_MISC
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
x_refsource_MISC
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
x_refsource_MISC
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
x_refsource_MISC
Hyperlink: https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
Resource:
x_refsource_MISC
Hyperlink: https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
Resource:
x_refsource_MISC
Hyperlink: https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
Resource:
x_refsource_MISC
Hyperlink: https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
x_refsource_MISC
x_transferred
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
x_refsource_MISC
x_transferred
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
x_refsource_MISC
x_transferred
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
x_refsource_MISC
x_transferred
Hyperlink: https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:twcert@cert.org.tw
Published At:28 Apr, 2021 | 10:15
Updated At:25 Oct, 2022 | 18:50

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches

meritlilin
meritlilin
>>p2r8852e2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8852e2>>-
cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8852e4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8852e4>>-
cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6852e2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6852e2>>-
cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6852e4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6852e4>>-
cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6552e2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6552e2>>-
cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6552e4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6552e4>>-
cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6352ae2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6352ae2>>-
cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6352ae4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6352ae4>>-
cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r3052ae2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r3052ae2>>-
cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2g1052_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2g1052>>-
cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8822e2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8822e2>>-
cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8822e4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r8822e4>>-
cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6822e2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6822e2>>-
cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6822e4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6822e4>>-
cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6522e2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6522e2>>-
cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6522e4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6522e4>>-
cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6322ae2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6322ae2>>-
cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6322ae4_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r6322ae4>>-
cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r3022ae2_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2r3022ae2>>-
cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2g1022_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2g1022>>-
cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2g1022x_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>p2g1022x>>-
cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8852ax_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8852ax>>-
cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8152x-p_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8152x-p>>-
cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8152x2-p_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8152x2-p>>-
cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8052ex25_firmware>>Versions before 7.1.94.8908(exclusive)
cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*
meritlilin
meritlilin
>>z2r8052ex25>>-
cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
CWE-522Secondarytwcert@cert.org.tw
CWE ID: CWE-306
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-522
Type: Secondary
Source: twcert@cert.org.tw
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3etwcert@cert.org.tw
Third Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388twcert@cert.org.tw
Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdftwcert@cert.org.tw
Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.htmltwcert@cert.org.tw
Not Applicable
Hyperlink: https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
Source: twcert@cert.org.tw
Resource:
Third Party Advisory
Hyperlink: https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
Source: twcert@cert.org.tw
Resource:
Third Party Advisory
Hyperlink: https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
Source: twcert@cert.org.tw
Resource:
Vendor Advisory
Hyperlink: https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
Source: twcert@cert.org.tw
Resource:
Not Applicable

Change History

0
Information is not available yet

Similar CVEs

748Records found

CVE-2020-12061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.85% / 76.58%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 11:03
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller.

Action-Not Available
Vendor-nitrokeyn/a
Product-fido_u2f_firmwarefido_u2fn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-88.95% / 99.76%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 23:52
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

Action-Not Available
Vendor-vbulletinn/a
Product-vbulletinn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11969
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-4.12% / 89.56%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 19:03
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomeeApache TomEE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11856
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-5.24% / 91.52%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 14:03
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-operation_bridge_reporterOperation Bridge Reporter.
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-10924
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-81.72% / 99.60%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 03:18
Updated-23 Jan, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).

Action-Not Available
Vendor-really-simple-pluginsReally Simple Pluginsrogierlankhorstreally-simple-plugins
Product-really_simple_securityReally Simple Security ProReally Simple Security Pro multisiteReally Simple Security – Simple and Performant Security (formerly Really Simple SSL)really_simple_security
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.51% / 82.84%
||
7 Day CHG~0.00%
Published-06 Apr, 2020 | 21:31
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.

Action-Not Available
Vendor-cipplannern/a
Product-cipacen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10920
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-4.92% / 91.07%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 15:35
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493.

Action-Not Available
Vendor-AutomationDirect
Product-ea9-t15clea9-t12clea9-t15cl-rea9-rhmiea9-t10clea9-t7cl-rea9-t8clc-more_hmi_ea9_firmwareea9-t6cl-rea9-t7clea9-t6clea9-pgmswea9-t10wclHMI EA9
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-42222
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.34% / 25.91%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 20:11
Updated-06 May, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.

Action-Not Available
Vendor-Nginx UI (0xJacky)
Product-nginx_uinginx-ui
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10625
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 73.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2020 | 13:06
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/nmsWebAccess/NMS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-41179
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-9.20% / 94.72%
||
7 Day CHG+0.82%
Published-23 Apr, 2026 | 00:03
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue.

Action-Not Available
Vendor-rclonercloneRed Hat, Inc.
Product-rclonercloneRed Hat Advanced Cluster Management for Kubernetes 2OpenShift API for Data Protection
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42302
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 49.36%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 22:05
Updated-12 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.

Action-Not Available
Vendor-Labring Computing Co., LTD.
Product-FastGPT
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-41940
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-98.10% / 99.91%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 15:10
Updated-06 May, 2026 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-05-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
WebPros cPanel and WHM Authentication Bypass via Login Flow

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Action-Not Available
Vendor-WebProsWebProscPanel (WebPros International, LLC)
Product-wp_squaredwhmcpanelcPanelWHMWP SquaredcPanel & WHM and WP2 (WordPress Squared)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-0949
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 09:36
Updated-03 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Talya Informatics' Elektraweb

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.

Action-Not Available
Vendor-Talya Informaticstalya_informatics
Product-Elektrawebelektraweb
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-10921
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.81% / 84.78%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 15:35
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482.

Action-Not Available
Vendor-AutomationDirect
Product-ea9-t15clea9-t12clea9-t15cl-rea9-rhmiea9-t10clea9-t7cl-rea9-t8clc-more_hmi_ea9_firmwareea9-t6cl-rea9-t7clea9-t6clea9-pgmswea9-t10wclHMI EA9
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-41930
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-0.35% / 26.72%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:37
Updated-08 May, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain unrestricted read and write access to the entire Vvveb database, including administrator password hashes, customer personally identifiable information, and order data, enabling account takeover and data manipulation.

Action-Not Available
Vendor-givanz
Product-Vvveb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-42074
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.54% / 41.68%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:38
Updated-03 Jun, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own threat model) can set it to true in any tool_use response. Combined with the default allowUnsandboxedCommands: true setting, a prompt-injected model can escape the sandbox for any arbitrary command, achieving full host-level code execution. This issue has been patched in version 0.5.1.

Action-Not Available
Vendor-gitlawbGitlawb
Product-openclaudeopenclaude
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-42221
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.35% / 26.58%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 20:09
Updated-06 May, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in transit; it does not authenticate who is allowed to perform installation. A remote attacker who reaches the service before the legitimate operator can set the admin email, username, and password, causing permanent initial-instance takeover. This issue has been patched in version 2.3.8.

Action-Not Available
Vendor-Nginx UI (0xJacky)
Product-nginx_uinginx-ui
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-39987
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-95.64% / 99.86%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 17:16
Updated-24 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-05-07||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Action-Not Available
Vendor-coreweavemarimo-teamMarimo
Product-marimomarimoMarimo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10640
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-2.99% / 85.69%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:50
Updated-16 Apr, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-20-140-02 Emerson OpenEnterprise

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.

Action-Not Available
Vendor-emersonEmerson
Product-openenterprise_scada_serverOpenEnterprise SCADA Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-40050
Matching Score-4
Assigner-CrowdStrike Holdings, Inc.
ShareView Details
Matching Score-4
Assigner-CrowdStrike Holdings, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 44.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 16:48
Updated-22 Apr, 2026 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CrowdStrike LogScale Unauthenticated Path Traversal

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation. LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability. CrowdStrike identified this vulnerability during continuous and ongoing product testing.

Action-Not Available
Vendor-CrowdStrike
Product-LogScale Self-Hosted
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-10284
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 31.96%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 02:32
Updated-08 Apr, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CE21 Suite <= 2.2.0 - Authentication Bypass

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Action-Not Available
Vendor-CE21, LLC.
Product-ce21_suiteCE21 Suitece21-suite
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-28697
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 54.89%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MiiNePort E1 - Broken Access Control

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.

Action-Not Available
Vendor-Moxa Inc.
Product-miineport_e1_firmwaremiineport_e1MiiNePort E1
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10282
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-9.8||CRITICAL
EPSS-1.75% / 75.11%
||
7 Day CHG~0.00%
Published-03 Jul, 2020 | 14:30
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#3316: No authentication in MAVLink protocol

The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.

Action-Not Available
Vendor-dronecodeunspecified
Product-micro_air_vehicle_linkMAVLink
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10272
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-10||CRITICAL
EPSS-2.46% / 82.49%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 04:35
Updated-17 Sep, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#2554: MiR ROS computational graph presents no authentication mechanisms

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

Action-Not Available
Vendor-aliasroboticsenabled-roboticsmobile-industrial-roboticsuvd-robotsMobile Industrial Robots A/S
Product-er200mir250_firmwareer200_firmwareer-flex_firmwaremir500mir100_firmwareuvd_robots_firmwareer-oneer-lite_firmwaremir1000_firmwaremir500_firmwaremir200_firmwareer-liteer-flexer-one_firmwareuvd_robotsmir100mir200mir1000mir250MiR100
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-40884
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 37.84%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 19:39
Updated-27 Apr, 2026 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
goshs: Empty-username SFTP password authentication bypass in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network attacker can connect to the SFTP service and access files without a password. This vulnerability is fixed in 2.0.0-beta.6.

Action-Not Available
Vendor-goshspatrickhener
Product-goshsgoshs
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10148
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-91.98% / 99.81%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 21:55
Updated-24 Oct, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-orion_platformOrion Platformorion_platformOrion
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10038
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 65.42%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the device's web server might be able to execute administrative commands without authentication.

Action-Not Available
Vendor-Siemens AG
Product-sicam_t_firmwaresicam_mmusicam_sgu_firmwaresicam_mmu_firmwaresicam_sgusicam_tSICAM TSICAM MMUSICAM SGU
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10287
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-9.1||CRITICAL
EPSS-1.42% / 69.67%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 22:15
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#3326: Hardcoded default credentials on IRC 5 OPC Server

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).

Action-Not Available
Vendor-ABB
Product-irb140_firmwareirb140irc5_firmwareirc5IRB140
CWE ID-CWE-255
Not Available
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-9533
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.51% / 71.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 20:09
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08

The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.

Action-Not Available
Vendor-cobhamCobham plc
Product-explorer_710_firmwareexplorer_710Explorer 710
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-35304
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 37.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-19 Jun, 2026 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-coherenceOracle Coherence
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-26339
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.49%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 13:26
Updated-24 Oct, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

Action-Not Available
Vendor-Q-Free
Product-maxtimeMaxTime
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-35053
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-0.55% / 41.80%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 18:55
Updated-13 Apr, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OneUptime: Unauthenticated Workflow Execution via ManualAPI

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication middleware. An attacker who can obtain or guess a workflow ID can trigger arbitrary workflow execution with attacker-controlled input data, enabling JavaScript code execution, notification abuse, and data manipulation. This issue has been patched in version 10.0.42.

Action-Not Available
Vendor-hackerbayOneUptime
Product-oneuptimeoneuptime
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-11402
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.33% / 67.67%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 16:06
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

Action-Not Available
Vendor-n/aGradle, Inc.
Product-enterprisen/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-35273
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-92.33% / 99.81%
||
7 Day CHG+2.54%
Published-11 Jun, 2026 | 02:25
Updated-13 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-06-15||Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PeopleTools PeopleSoft Enterprise PeopleTools
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-35296
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.17%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-17 Jun, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_sitesOracle WebCenter Sites
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-35286
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.17%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-18 Jun, 2026 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_contentOracle WebCenter Content
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-35293
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.17%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-17 Jun, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_sitesOracle WebCenter Sites
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-8993
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-8.6||HIGH
EPSS-2.53% / 83.00%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 20:20
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-activematrix_bpmactivematrix_service_bussilver_fabric_enableractivematrix_service_gridactivematrix_policy_directorTIBCO ActiveMatrix Service GridTIBCO ActiveMatrix Service BusTIBCO Silver Fabric Enabler for ActiveMatrix Service GridTIBCO ActiveMatrix BPMTIBCO ActiveMatrix BPM Distribution for TIBCO Silver FabricTIBCO Silver Fabric Enabler for ActiveMatrix BPMTIBCO ActiveMatrix Policy DirectorTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-35546
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 43.78%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 19:39
Updated-04 May, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

Action-Not Available
Vendor-anvizAnviz
Product-cx7_firmwarecx2_litecx2_lite_firmwarecx7Anviz CX2 Lite FirmwareAnviz CX7 Firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-9201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.08% / 86.08%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 23:00
Updated-02 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-axc_1050ilc_131_eth_firmwareilc_191_eth_2txilc_191_eth_2tx_firmwareilc_131_eth\/xcaxc_1050_firmwareilc_151_eth\/xcilc_191_me\/anilc_191_me\/an_firmwareilc_131_eth\/xc_firmwareilc_151_ethilc_171_eth_2tx_firmwareilc_151_eth\/xc_firmwareilc_151_eth_firmwareilc_131_ethilc_171_eth_2txn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-5716
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 45.97%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 03:07
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS Armoury Crate - Arbitrary File Write

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-armoury_crateArmoury Crate
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-34275
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 29.58%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-01 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-advanced_inbound_telephonyOracle Advanced Inbound Telephony
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-34072
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.44% / 35.52%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 16:51
Updated-02 Jun, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution

Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.

Action-Not Available
Vendor-fccviewfccview
Product-cronmastercronmaster
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-33032
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-38.48% / 98.39%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 17:58
Updated-16 Apr, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-Nginx UI (0xJacky)
Product-nginx_uinginx-ui
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-33017
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-98.41% / 99.91%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 04:52
Updated-21 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-04-08||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Action-Not Available
Vendor-langflowlangflow-aiLangflow
Product-langflowlangflowLangflow
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2023-54342
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.46% / 36.36%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-05 May, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.

Action-Not Available
Vendor-equinox
Product-[OSGi
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-6808
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-8.16% / 94.17%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:05
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-26345
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.49%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 13:27
Updated-24 Oct, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests.

Action-Not Available
Vendor-Q-Free
Product-maxtimeMaxTime
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-53771
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.87% / 54.26%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 20:54
Updated-07 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiniDVBLinux 5.4 Unauthenticated Root Password Change via System Setup

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

Action-Not Available
Vendor-minidvblinuxMiniDVBLinux
Product-minidvblinuxMiniDVBLinux Change Root Password PoC
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-53964
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.8||HIGH
EPSS-0.87% / 54.48%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:37
Updated-16 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Factory Reset Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.

Action-Not Available
Vendor-sound4SOUND4 Ltd.Kantar Media
Product-pulsebig_voice4_firmwarefirstpulse_firmwarewm2pulse_eco_firmwareimpact_ecoimpact_eco_firmwarebig_voice4stream_extensionwm2_firmwarefirst_firmwareimpactbig_voice2impact_firmwarepulse_ecobig_voice2_firmwareBigVoice4WM2StreamImpact/Pulse/FirstBigVoice2Impact/Pulse Eco
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 14
  • 15
  • Next
Details not found