Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-33543

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-24 Jun, 2026 | 21:01
Updated At-25 Jun, 2026 | 13:22
Rejected At-
Credits

FOSSBilling: Authentication bypass allows unauthenticated administrator creation

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:24 Jun, 2026 | 21:01
Updated At:25 Jun, 2026 | 13:22
Rejected At:
▼CVE Numbering Authority (CNA)
FOSSBilling: Authentication bypass allows unauthenticated administrator creation

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0.

Affected Products
Vendor
FOSSBilling
Product
FOSSBilling
Versions
Affected
  • < 0.8.0
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-288
Description: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-28mh-j262-q49w
x_refsource_CONFIRM
https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0
x_refsource_MISC
Hyperlink: https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-28mh-j262-q49w
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:24 Jun, 2026 | 21:16
Updated At:25 Jun, 2026 | 14:16

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
N/A
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-288Secondarysecurity-advisories@github.com
CWE-306Secondarysecurity-advisories@github.com
CWE ID: CWE-288
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-306
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0security-advisories@github.com
N/A
https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-28mh-j262-q49wsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-28mh-j262-q49w
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

136Records found

CVE-2026-24789
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 16:17
Updated-11 Feb, 2026 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.

Action-Not Available
Vendor-ZLAN Information Technology Co.
Product-ZLAN5143D
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-34434
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.41% / 33.34%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 19:49
Updated-23 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo < 20.1 ImageGallery Plugin Unauthenticated File Upload and Deletion

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.

Action-Not Available
Vendor-wwbnWorld Wide Broadcast Network
Product-avideoAVideo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-34102
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-6.77% / 93.19%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 19:16
Updated-07 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection

A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.

Action-Not Available
Vendor-Crypttech
Product-CryptoLog
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-34089
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.39% / 68.97%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 19:47
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the "Allow unknown devices" option is enabled), the /api/executeScript endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process.

Action-Not Available
Vendor-Aexol Studio
Product-Remote for Mac
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34068
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.90% / 55.11%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 13:09
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their contents via the download endpoint. This flaw allows complete compromise of the device without authentication. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Action-Not Available
Vendor-Samsung Electronics
Product-WLAN AP WEA453e
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-34143
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-29.86% / 97.98%
||
7 Day CHG+0.22%
Published-22 Jul, 2025 | 12:31
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ETQ Reliance CG Authentication Bypass via Trailing Space RCE

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

Action-Not Available
Vendor-ETQ
Product-Reliance CG (legacy)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-41988
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.59% / 44.07%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 17:40
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

Action-Not Available
Vendor-TEMtem
Product-Opera Plus FM Family Transmitteropera_plus_fm_family_transmitter
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2417
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.57% / 43.14%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 18:06
Updated-25 Mar, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Pharos Controls
Product-Mosaic Show Controller
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-23751
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.88% / 54.77%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 14:46
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a remote System.Net.WebClient object and read arbitrary files from the server filesystem, write attacker-controlled files to the server, or coerce NTLMv2 authentication to an attacker-controlled host, enabling sensitive credential disclosure, denial of service, remote code execution, or lateral movement depending on service account privileges and network environment.

Action-Not Available
Vendor-Tungsten Automation Corp.
Product-Tungsten Capture (formerly Kofax Capture)
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
CVE-2025-30184
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.47% / 37.12%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 22:05
Updated-12 Aug, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

Action-Not Available
Vendor-cyberdataCyberData
Product-011209_sip_emergency_intercom011209 SIP Emergency Intercom
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-23746
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.86% / 54.07%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 19:44
Updated-14 May, 2026 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting channel with unsafe formatter/settings that permit untrusted remoting object invocation. A remote, unauthenticated attacker who can reach the remoting port can invoke exposed remoting objects to read arbitrary files from the server and coerce outbound authentication, and may achieve arbitrary file write and remote code execution via known .NET Remoting exploitation techniques. This can lead to disclosure of sensitive installation and service-account data and compromise of the affected host.

Action-Not Available
Vendor-Entrust Corporation
Product-Instant Financial Issuance (IF)
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-22207
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 34.59%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 20:34
Updated-23 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenViking Missing root_api_key Allows Anonymous ROOT Access

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration.

Action-Not Available
Vendor-Volcengine
Product-OpenViking
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2095
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.51% / 39.54%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 06:53
Updated-13 Feb, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowring|Agentflow - Authentication Bypass

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.

Action-Not Available
Vendor-flowringFlowring
Product-agentflowAgentflow
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-1453
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.50% / 38.86%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 19:02
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in KiloView Encoder Series

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

Action-Not Available
Vendor-KiloView
Product-Encoder Series E2 hardware Version 1.7.20Encoder Series RE1 hardware Version 3.0.00Encoder Series P2 hardware Version 1.8.20Encoder Series E1 hardware Version 1.4Encoder Series E1 hardware Version 1.6.20Encoder Series P1 hardware Version 1.3.20Encoder Series G1 hardware Version 1.6.20Encoder Series E1-s hardware Version 1.4Encoder Series RE1 hardware Version 2.0.00Encoder Series E2 hardware Version 1.8.20
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1579
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.93% / 56.12%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 20:20
Updated-07 Apr, 2026 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level.

Action-Not Available
Vendor-px4PX4
Product-autopilotAutopilot
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-14162
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.47% / 37.44%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 10:57
Updated-30 Jun, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech|Hospital Quering Management - Missing Authentication

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-Hospital Quering Management
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1364
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 40.62%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 08:41
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JNC|IAQS and I6 - Missing Authentication

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

Action-Not Available
Vendor-JNC
Product-IAQSI6
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-12819
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.31% / 22.85%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 06:28
Updated-30 Jun, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DVP-12SE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1341
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.49% / 38.79%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 21:26
Updated-04 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in Avation Light Engine Pro

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.

Action-Not Available
Vendor-Avation
Product-Avation Light Engine Pro
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1019
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 40.62%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 02:48
Updated-23 Jan, 2026 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotac|Police Statistics Database System - Missing Authentication

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

Action-Not Available
Vendor-gotacGotac
Product-police_statistics_database_systemPolice Statistics Database System
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-9971
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.78% / 51.49%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 06:48
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Planet Technology|Industrial Cellular Gateway - Missing Authentication

Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.

Action-Not Available
Vendor-Planet Technology
Product-ICG-2510WG-LTE (EU/US)ICG-2510W-LTE (EU/US)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-0625
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.96% / 57.33%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 21:14
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-600DSL-500DSL-2780BDIR-608DNS-325DSL-2640BDIR-615DSL-526BDNS-345DSL-500GDIR-905LDNS-320DIR-611DIR-610DSL-2740RDSL-502GDSL-2640T
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-0650
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.44% / 35.23%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 04:29
Updated-08 Jan, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data.

Action-Not Available
Vendor-OpenFlagr
Product-Flagr
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-12371
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-9.3||CRITICAL
EPSS-0.54% / 41.39%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 15:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation PowerMonitor™ 1000 Remote Code Execution

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-PM1k 1408-EM2A-485PM1k 1408-EM3A-ENTPM1k 1408-EM2A-ENTPM1k 1408-BC3A-ENTPM1k 1408-TS3A-485PM1k 1408-EM1A-ENTPM1k 1408-BC3A-485PM1k 1408-TR2A-ENTPM1k 1408-TR2A-485PM1k 1408-TR1A-ENTPM1k 1408-TS3A-ENTPM1k 1408-EM3A-485PM1k 1408-EM1A-485PM1k 1408-TR1A-485
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-9313
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 40.75%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 11:49
Updated-30 Oct, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized database access in Asseco mMedica

An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and gain unauthorized access to database with sensitive data. This issue affects Asseco mMedica in versions before 11.9.5.

Action-Not Available
Vendor-Asseco Poland S.A.
Product-mMedica
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-9254
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.61% / 44.74%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:21
Updated-06 Nov, 2025 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Missing Authentication

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.

Action-Not Available
Vendor-uniongUniong
Product-webitrWebITR
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-2567
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.44% / 35.42%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 19:59
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lantronix Xport Missing Authentication for Critical Function

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation.

Action-Not Available
Vendor-Lantronix
Product-Xport
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-8284
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.51% / 39.61%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 16:27
Updated-08 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Packet Power EMX and EG Missing Authentication for Critical Function

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions.

Action-Not Available
Vendor-Packet Power
Product-EMXEG
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-24924
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.52% / 40.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:02
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GMOD Apollo Missing Authentication for Critical Function

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username

Action-Not Available
Vendor-GMOD
Product-Apollo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-10386
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-9.3||CRITICAL
EPSS-16.63% / 96.63%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 17:04
Updated-05 Nov, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanagerFactoryTalk ThinManagerthinmanager
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-54344
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.55% / 41.93%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-05 May, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.

Action-Not Available
Vendor-equinox
Product-[OSGi
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-54352
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.61% / 44.99%
||
7 Day CHG~0.00%
Published-08 Jun, 2026 | 01:55
Updated-08 Jun, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seotheme Remote Code Execution Unauthenticated

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.

Action-Not Available
Vendor-WP Travel Kit
Product-Travelscape
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-54342
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.46% / 36.35%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-05 May, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.

Action-Not Available
Vendor-equinox
Product-[OSGi
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-53968
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.56% / 42.21%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-26 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.

Action-Not Available
Vendor-dbbroadcastDB Elettronica Telecomunicazioni SpA
Product-sft_dab_600\/c_firmwaresft_dab_600\/cScreen SFT DAB 600/C
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-53969
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.46% / 36.40%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-26 Dec, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Password Change

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.

Action-Not Available
Vendor-dbbroadcastDB Elettronica Telecomunicazioni SpA
Product-sft_dab_600\/c_firmwaresft_dab_600\/cScreen SFT DAB 600/C
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-71318
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.53% / 41.09%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 17:49
Updated-08 Jun, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and can invoke privileged UPS control commands — including shutdown, reboot, switch-on-bypass, and battery test — without supplying any credentials.

Action-Not Available
Vendor-Riello UPS
Product-NetMan 204
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-25550
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.73% / 49.70%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 17:13
Updated-04 Jun, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 <= R9, and DataServiceSingleton for BarTender 2019 <= R10 — configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling to read or write arbitrary files on the server using the .NET WebClient class, or coerce NTLMv2 authentication by supplying a UNC path to an attacker-controlled server, enabling sensitive credential disclosure, remote code execution, or lateral movement depending on service account privileges and network environment. The service runs in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Seagull Software, LLC.
Product-BarTender 2019BarTender 2010BarTender 2016
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24423
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-87.69% / 99.74%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:53
Updated-05 Mar, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-26||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Action-Not Available
Vendor-smartertoolsSmarterToolsSmarterTools
Product-smartermailSmarterMailSmarterMail
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25412
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.77% / 51.13%
||
7 Day CHG~0.00%
Published-30 May, 2026 | 14:55
Updated-03 Jun, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

Action-Not Available
Vendor-deltasql_projectDeltasql
Product-deltasqlDelta Sql
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-24728
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-0.41% / 33.19%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 03:48
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Interinfo DreamMaker - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.

Action-Not Available
Vendor-Internet Information Co., Ltd
Product-DreamMaker
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-23760
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-96.27% / 99.87%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 14:35
Updated-05 Mar, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-16||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Action-Not Available
Vendor-smartertoolsSmarterToolsSmarterTools
Product-smartermailSmarterMailSmarterMail
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-22679
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-21.48% / 97.31%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 12:51
Updated-05 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).

Action-Not Available
Vendor-weaverWeaver Network Co., Ltd.
Product-e-cologyE-cology
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-22898
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.68% / 47.99%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 16:21
Updated-14 Apr, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qvr_proQVR Pro
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2096
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.52% / 40.32%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 06:59
Updated-13 Feb, 2026 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowring|Agentflow - Missing Authenticaton

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

Action-Not Available
Vendor-flowringFlowring
Product-agentflowAgentflow
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2020-36892
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.92% / 55.84%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 20:52
Updated-07 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.

Action-Not Available
Vendor-eibizEIBIZ Co.,Ltd.
Product-i-media_server_digital_signagei-Media Server Digital Signage
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-36904
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 34.53%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:39
Updated-02 Jan, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands.

Action-Not Available
Vendor-Selea
Product-Selea CarPlateServer (CPS)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1670
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 53.18%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 22:56
Updated-18 Feb, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Action-Not Available
Vendor-Honeywell International Inc.
Product-SMB NDAA MVO-3I-HIB2PI-UL 2MP IP25M IPCPTZ WDR 2MP 32M
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-50593
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.64% / 46.02%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 19:57
Updated-08 Dec, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-iviewiView
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-50592
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.58% / 43.62%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 19:57
Updated-24 Nov, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-iviewiView
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4978
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.56% / 72.22%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 13:49
Updated-23 Jul, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Action-Not Available
Vendor-Steppschuh
Product-Remote Control Collection Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found