Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-34068

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-15 Jul, 2025 | 13:09
Updated At-15 May, 2026 | 11:14
Rejected At-
Credits

Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their contents via the download endpoint. This flaw allows complete compromise of the device without authentication. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:15 Jul, 2025 | 13:09
Updated At:15 May, 2026 | 11:14
Rejected At:
▼CVE Numbering Authority (CNA)
Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their contents via the download endpoint. This flaw allows complete compromise of the device without authentication. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Affected Products
Vendor
Samsung ElectronicsSamsung Electronics
Product
WLAN AP WEA453e
Modules
  • Diagnostic Tech Support Interface (/download/[file])
  • command1
  • command2
Default Status
unaffected
Versions
Affected
  • From 0 before 5.2.4.T1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Omri Inbar
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://omriinbar.medium.com/samsung-wlan-ap-wea453e-vulnerabilities-7aa4a57d4dba
technical-description
exploit
https://fortiguard.fortinet.com/encyclopedia/ips/57323
third-party-advisory
https://www.samsung.com/us/business/support/owners/product/400-series-wea453/
product
https://s4e.io/tools/samsung-wlan-ap-remote-code-execution
third-party-advisory
https://www.vulncheck.com/advisories/samsung-wlan-ap-wea453e-unauthenticated-rce
third-party-advisory
Hyperlink: https://omriinbar.medium.com/samsung-wlan-ap-wea453e-vulnerabilities-7aa4a57d4dba
Resource:
technical-description
exploit
Hyperlink: https://fortiguard.fortinet.com/encyclopedia/ips/57323
Resource:
third-party-advisory
Hyperlink: https://www.samsung.com/us/business/support/owners/product/400-series-wea453/
Resource:
product
Hyperlink: https://s4e.io/tools/samsung-wlan-ap-remote-code-execution
Resource:
third-party-advisory
Hyperlink: https://www.vulncheck.com/advisories/samsung-wlan-ap-wea453e-unauthenticated-rce
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:15 Jul, 2025 | 13:15
Updated At:20 Nov, 2025 | 19:16

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their contents via the download endpoint. This flaw allows complete compromise of the device without authentication. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-306Secondarydisclosure@vulncheck.com
CWE ID: CWE-306
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://fortiguard.fortinet.com/encyclopedia/ips/57323disclosure@vulncheck.com
N/A
https://omriinbar.medium.com/samsung-wlan-ap-wea453e-vulnerabilities-7aa4a57d4dbadisclosure@vulncheck.com
N/A
https://s4e.io/tools/samsung-wlan-ap-remote-code-executiondisclosure@vulncheck.com
N/A
https://www.samsung.com/us/business/support/owners/product/400-series-wea453/disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/samsung-wlan-ap-wea453e-unauthenticated-rcedisclosure@vulncheck.com
N/A
Hyperlink: https://fortiguard.fortinet.com/encyclopedia/ips/57323
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://omriinbar.medium.com/samsung-wlan-ap-wea453e-vulnerabilities-7aa4a57d4dba
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://s4e.io/tools/samsung-wlan-ap-remote-code-execution
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.samsung.com/us/business/support/owners/product/400-series-wea453/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/samsung-wlan-ap-wea453e-unauthenticated-rce
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

111Records found

CVE-2026-39987
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-95.64% / 99.86%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 17:16
Updated-24 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-05-07||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Action-Not Available
Vendor-coreweavemarimo-teamMarimo
Product-marimomarimoMarimo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-24789
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 16:17
Updated-11 Feb, 2026 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.

Action-Not Available
Vendor-ZLAN Information Technology Co.
Product-ZLAN5143D
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-6981
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.59% / 43.91%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 16:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function

OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication.

Action-Not Available
Vendor-OMNTEComntec
Product-Proteus Tank Monitoringproteus_tank_monitoring
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-25775
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.40% / 32.45%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 00:06
Updated-16 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SenseLive X3050 Missing authentication for critical function

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

Action-Not Available
Vendor-SenseLive
Product-X3050
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-25550
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.73% / 49.70%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 17:13
Updated-04 Jun, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 <= R9, and DataServiceSingleton for BarTender 2019 <= R10 — configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling to read or write arbitrary files on the server using the .NET WebClient class, or coerce NTLMv2 authentication by supplying a UNC path to an attacker-controlled server, enabling sensitive credential disclosure, remote code execution, or lateral movement depending on service account privileges and network environment. The service runs in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Seagull Software, LLC.
Product-BarTender 2019BarTender 2010BarTender 2016
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-23746
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.86% / 54.07%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 19:44
Updated-14 May, 2026 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting channel with unsafe formatter/settings that permit untrusted remoting object invocation. A remote, unauthenticated attacker who can reach the remoting port can invoke exposed remoting objects to read arbitrary files from the server and coerce outbound authentication, and may achieve arbitrary file write and remote code execution via known .NET Remoting exploitation techniques. This can lead to disclosure of sensitive installation and service-account data and compromise of the affected host.

Action-Not Available
Vendor-Entrust Corporation
Product-Instant Financial Issuance (IF)
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-22679
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-21.48% / 97.31%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 12:51
Updated-05 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).

Action-Not Available
Vendor-weaverWeaver Network Co., Ltd.
Product-e-cologyE-cology
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-24423
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-87.69% / 99.74%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:53
Updated-05 Mar, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-26||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Action-Not Available
Vendor-smartertoolsSmarterToolsSmarterTools
Product-smartermailSmarterMailSmarterMail
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-24728
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-0.41% / 33.19%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 03:48
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Interinfo DreamMaker - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.

Action-Not Available
Vendor-Internet Information Co., Ltd
Product-DreamMaker
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-23751
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.88% / 54.77%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 14:46
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a remote System.Net.WebClient object and read arbitrary files from the server filesystem, write attacker-controlled files to the server, or coerce NTLMv2 authentication to an attacker-controlled host, enabling sensitive credential disclosure, denial of service, remote code execution, or lateral movement depending on service account privileges and network environment.

Action-Not Available
Vendor-Tungsten Automation Corp.
Product-Tungsten Capture (formerly Kofax Capture)
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
CVE-2024-47138
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.75% / 50.47%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 22:19
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Missing Authentication for Critical Function

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.

Action-Not Available
Vendor-mySCADAmyscada
Product-myPRO RuntimemyPRO Managermypro_managermypro_runtime
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25412
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.77% / 51.13%
||
7 Day CHG~0.00%
Published-30 May, 2026 | 14:55
Updated-03 Jun, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

Action-Not Available
Vendor-deltasql_projectDeltasql
Product-deltasqlDelta Sql
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-41988
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.59% / 44.06%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 17:40
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

Action-Not Available
Vendor-TEMtem
Product-Opera Plus FM Family Transmitteropera_plus_fm_family_transmitter
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1364
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 40.62%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 08:41
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JNC|IAQS and I6 - Missing Authentication

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

Action-Not Available
Vendor-JNC
Product-IAQSI6
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-36892
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.92% / 55.84%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 20:52
Updated-07 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.

Action-Not Available
Vendor-eibizEIBIZ Co.,Ltd.
Product-i-media_server_digital_signagei-Media Server Digital Signage
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-36904
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 34.53%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:39
Updated-02 Jan, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands.

Action-Not Available
Vendor-Selea
Product-Selea CarPlateServer (CPS)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2012-10030
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.48% / 70.82%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 20:01
Updated-07 Apr, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server Arbitrary File Upload

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction.

Action-Not Available
Vendor-freefloatFreeFloat
Product-freefloat_ftp_serverFTP Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-25738
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.35% / 26.70%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 13:22
Updated-04 Jun, 2026 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to hc_ajax_save_option to enable user registration and set the default role to administrator, enabling account takeover.

Action-Not Available
Vendor-framework-y
Product-Hybrid Composer
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-25568
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.32% / 23.81%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:47
Updated-21 Apr, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with system-level privileges when the service restarts after a computer reboot.

Action-Not Available
Vendor-microvirtMemuplay
Product-memuMemu Play
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25332
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.59% / 43.84%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 12:11
Updated-27 May, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.

Action-Not Available
Vendor-gitbucketgitbucket
Product-gitbucketGitBucket
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25140
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.28% / 20.15%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 19:27
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.

Action-Not Available
Vendor-FLIR Systems, Inc.
Product-Thermal Traffic Cameras
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25134
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.57% / 42.92%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 19:27
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass via webNewAcct.cgi

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.

Action-Not Available
Vendor-Synaccess Networks Inc.
Product-netBooter NP-02x/NP-08x
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25335
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.52% / 40.00%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 12:11
Updated-18 May, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.

Action-Not Available
Vendor-peugeot-music-plugin
Product-Peugeot Music
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-22898
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.68% / 47.99%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 16:21
Updated-14 Apr, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qvr_proQVR Pro
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-22207
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 34.59%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 20:34
Updated-23 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenViking Missing root_api_key Allows Anonymous ROOT Access

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration.

Action-Not Available
Vendor-Volcengine
Product-OpenViking
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-50593
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.64% / 46.00%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 19:57
Updated-08 Dec, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-iviewiView
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-50592
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.58% / 43.60%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 19:57
Updated-24 Nov, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-iviewiView
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-50595
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.58% / 43.60%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 19:58
Updated-24 Nov, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech iView < v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-iviewiView
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4978
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.56% / 72.21%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 13:49
Updated-23 Jul, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Action-Not Available
Vendor-Steppschuh
Product-Remote Control Collection Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-1670
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 53.18%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 22:56
Updated-18 Feb, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Action-Not Available
Vendor-Honeywell International Inc.
Product-SMB NDAA MVO-3I-HIB2PI-UL 2MP IP25M IPCPTZ WDR 2MP 32M
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-14162
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.47% / 37.44%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 10:57
Updated-30 Jun, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech|Hospital Quering Management - Missing Authentication

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-Hospital Quering Management
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1579
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.93% / 56.12%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 20:20
Updated-07 Apr, 2026 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level.

Action-Not Available
Vendor-px4PX4
Product-autopilotAutopilot
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-12819
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.31% / 22.85%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 06:28
Updated-30 Jun, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DVP-12SE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-30230
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-1.03% / 59.41%
||
7 Day CHG+0.01%
Published-14 Jun, 2022 | 09:21
Updated-12 Nov, 2025 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.

Action-Not Available
Vendor-Siemens AG
Product-sicam_gridedge_essentialSICAM GridEdge (Classic)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1019
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 40.62%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 02:48
Updated-23 Jan, 2026 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotac|Police Statistics Database System - Missing Authentication

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

Action-Not Available
Vendor-gotacGotac
Product-police_statistics_database_systemPolice Statistics Database System
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-9971
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.78% / 51.49%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 06:48
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Planet Technology|Industrial Cellular Gateway - Missing Authentication

Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.

Action-Not Available
Vendor-Planet Technology
Product-ICG-2510WG-LTE (EU/US)ICG-2510W-LTE (EU/US)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-0625
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.96% / 57.33%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 21:14
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-600DSL-500DSL-2780BDIR-608DNS-325DSL-2640BDIR-615DSL-526BDNS-345DSL-500GDIR-905LDNS-320DIR-611DIR-610DSL-2740RDSL-502GDSL-2640T
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-0650
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.44% / 35.23%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 04:29
Updated-08 Jan, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data.

Action-Not Available
Vendor-OpenFlagr
Product-Flagr
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2021-47936
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.66% / 46.89%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 12:43
Updated-12 May, 2026 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCATS 0.9.4 Remote Code Execution via Resume Upload

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.

Action-Not Available
Vendor-Opencats
Product-OpenCATS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-9254
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.61% / 44.74%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:21
Updated-06 Nov, 2025 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Missing Authentication

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.

Action-Not Available
Vendor-uniongUniong
Product-webitrWebITR
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-8284
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.51% / 39.61%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 16:27
Updated-08 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Packet Power EMX and EG Missing Authentication for Critical Function

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions.

Action-Not Available
Vendor-Packet Power
Product-EMXEG
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-8286
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-1.22% / 64.91%
||
7 Day CHG+0.01%
Published-31 Jul, 2025 | 19:23
Updated-15 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Güralp Systems FMUS Series and MIN Series Devices

The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.

Action-Not Available
Vendor-Güralp Systems
Product-Güralp FMUS SeriesMIN Series Devices
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-71318
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 41.09%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 17:49
Updated-08 Jun, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and can invoke privileged UPS control commands — including shutdown, reboot, switch-on-bypass, and battery test — without supplying any credentials.

Action-Not Available
Vendor-Riello UPS
Product-NetMan 204
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-6260
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.46% / 36.86%
||
7 Day CHG~0.00%
Published-24 Jul, 2025 | 20:53
Updated-25 Jul, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.

Action-Not Available
Vendor-Network Thermostat
Product-X-Series WiFi thermostats
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-4312
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 36.01%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 07:29
Updated-17 Mar, 2026 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DrangSoft|GCB/FCB Audit Software - Missing Authentication

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.

Action-Not Available
Vendor-DrangSoft
Product-GCB/FCB Audit Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1453
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.50% / 38.86%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 19:02
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in KiloView Encoder Series

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

Action-Not Available
Vendor-KiloView
Product-Encoder Series E2 hardware Version 1.7.20Encoder Series RE1 hardware Version 3.0.00Encoder Series P2 hardware Version 1.8.20Encoder Series E1 hardware Version 1.4Encoder Series E1 hardware Version 1.6.20Encoder Series P1 hardware Version 1.3.20Encoder Series G1 hardware Version 1.6.20Encoder Series E1-s hardware Version 1.4Encoder Series RE1 hardware Version 2.0.00Encoder Series E2 hardware Version 1.8.20
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-5310
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.73% / 49.65%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 17:22
Updated-04 Sep, 2025 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.

Action-Not Available
Vendor-Dover Fueling Solutions
Product-ProGauge MagLink LX 4ProGauge MagLink LX PlusProGauge MagLink LX Ultimate
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1341
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.49% / 38.79%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 21:26
Updated-04 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in Avation Light Engine Pro

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.

Action-Not Available
Vendor-Avation
Product-Avation Light Engine Pro
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-5192
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-0.44% / 35.64%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:15
Updated-04 Feb, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-5095
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.87% / 54.47%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 17:24
Updated-08 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Burk Technology ARC Solo Missing Authentication for Critical Function

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.

Action-Not Available
Vendor-Burk Technology
Product-ARC Solo
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found