Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56270

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-24 Jun, 2026 | 11:53
Updated At-24 Jun, 2026 | 12:46
Rejected At-
Credits

Flowise - Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Google, Microsoft/Azure, GitHub, and Auth0 integrations. This affects FlowiseAI Cloud and self-hosted instances where the endpoint is exposed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:24 Jun, 2026 | 11:53
Updated At:24 Jun, 2026 | 12:46
Rejected At:
▼CVE Numbering Authority (CNA)
Flowise - Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Google, Microsoft/Azure, GitHub, and Auth0 integrations. This affects FlowiseAI Cloud and self-hosted instances where the endpoint is exposed.

Affected Products
Vendor
Flowise
Product
Flowise
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0 (semver)
Unaffected
  • 3.1.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-306Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
berkdedekarginoglu
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx
vendor-advisory
https://www.vulncheck.com/advisories/flowise-unauthenticated-oauth-secrets-disclosure-via-api-v1-loginmethod-endpoint
third-party-advisory
Hyperlink: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx
Resource:
vendor-advisory
Hyperlink: https://www.vulncheck.com/advisories/flowise-unauthenticated-oauth-secrets-disclosure-via-api-v1-loginmethod-endpoint
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx
exploit
Hyperlink: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:24 Jun, 2026 | 13:16
Updated At:26 Jun, 2026 | 02:01

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Google, Microsoft/Azure, GitHub, and Auth0 integrations. This affects FlowiseAI Cloud and self-hosted instances where the endpoint is exposed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

flowiseai
flowiseai
>>flowise>>Versions before 3.1.0(exclusive)
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarydisclosure@vulncheck.com
CWE ID: CWE-306
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vxdisclosure@vulncheck.com
Exploit
Vendor Advisory
https://www.vulncheck.com/advisories/flowise-unauthenticated-oauth-secrets-disclosure-via-api-v1-loginmethod-endpointdisclosure@vulncheck.com
Third Party Advisory
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx
Source: disclosure@vulncheck.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://www.vulncheck.com/advisories/flowise-unauthenticated-oauth-secrets-disclosure-via-api-v1-loginmethod-endpoint
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

287Records found

CVE-2025-71324
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.62%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 21:41
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise - Arbitrary File Read via chatId Parameter

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is evaluated after the storage-directory containment check, allowing path traversal beyond the intended storage directory. Unauthenticated attackers can read sensitive files such as /root/.flowise/database.sqlite, exposing all database content in the default configuration.

Action-Not Available
Vendor-flowiseaiFlowise
Product-flowiseFlowise
CWE ID-CWE-73
External Control of File Name or Path
CVE-2024-36421
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-8.49% / 94.37%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 15:58
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise, stealing information from the user. This CORS misconfiguration may be chained with the path injection to allow an attacker attackers without access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.

Action-Not Available
Vendor-flowiseaiFlowiseAIflowiseai
Product-flowiseFlowiseflowise
CWE ID-CWE-346
Origin Validation Error
CVE-2026-41266
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.35% / 26.59%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 19:11
Updated-25 Apr, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading to credential theft and more. This vulnerability is fixed in 3.1.0.

Action-Not Available
Vendor-flowiseaiFlowiseAI
Product-flowiseFlowise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-862
Missing Authorization
CVE-2026-41278
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.42% / 33.86%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 19:52
Updated-24 Apr, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image. Both public-chatflows AND public-chatbotConfig return completely raw flowData including credential IDs, plaintext API keys, and password-type fields. This vulnerability is fixed in 3.1.0.

Action-Not Available
Vendor-flowiseaiFlowiseAI
Product-flowiseFlowise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-59527
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-4.63% / 90.58%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 19:48
Updated-23 Sep, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6.

Action-Not Available
Vendor-flowiseaiFlowiseAI
Product-flowiseFlowise
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-36420
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.76% / 75.28%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 15:53
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the `fileName` body parameter. No known patches for this issue are available.

Action-Not Available
Vendor-flowiseaiFlowiseAIflowiseai
Product-flowiseFlowiseflowise
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-41273
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.31% / 22.55%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 19:29
Updated-24 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential identifiers, which can then be used to refresh and obtain valid OAuth 2.0 access tokens without authentication. This vulnerability is fixed in 3.1.0.

Action-Not Available
Vendor-flowiseaiFlowiseAI
Product-flowiseFlowise
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-8943
Matching Score-6
Assigner-JFrog
ShareView Details
Matching Score-6
Assigner-JFrog
CVSS Score-9.8||CRITICAL
EPSS-70.87% / 99.32%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 09:54
Updated-23 Sep, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

Action-Not Available
Vendor-flowiseai
Product-flowise
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CVE-2025-71327
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.46% / 36.69%
||
7 Day CHG-0.02%
Published-25 Jun, 2026 | 21:41
Updated-26 Jun, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise - Authentication Bypass via Unprotected Registration Endpoint

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.

Action-Not Available
Vendor-Flowise
Product-Flowise
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-25224
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.06%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 00:12
Updated-15 Sep, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

Action-Not Available
Vendor-luxsoftLuxSoft
Product-luxcal_web_calendarThe LuxCal Web Calendar
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-6376
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.50% / 38.96%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 20:10
Updated-16 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing authentication for critical function in SpiceJet Online Booking System

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user who can obtain or guess those basic inputs. The issue arises from improper access control on a sensitive data retrieval function.

Action-Not Available
Vendor-SpiceJet
Product-Online Booking System
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-4240
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.72%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 16:15
Updated-09 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated API allowing an attacker to obtain the information about network resources

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1

Action-Not Available
Vendor-Honeywell International Inc.
Product-onewireless_network_wireless_device_manageronewireless_network_wireless_device_manager_firmwareOneWireless
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-41629
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.59% / 43.87%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 19:51
Updated-16 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-infrasuite_device_masterInfraSuite Device Master
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-4228
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 64.74%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:00
Updated-19 Nov, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Book Store Management System information disclosure

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.

Action-Not Available
Vendor-book_store_management_system_projectSourceCodester
Product-book_store_management_systemBook Store Management System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-5749
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.7||HIGH
EPSS-0.27% / 18.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 13:23
Updated-19 May, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inadequate access control vulnerability in Fullstep

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.

Action-Not Available
Vendor-Fullstep
Product-Fullstep
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-17517
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.27% / 80.89%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 08:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ozone S3 Gateway allows bucket and key access to non authenticated users

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ozoneApache Ozone
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-58375
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.46% / 36.54%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:58
Updated-02 Jul, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id without verifying the auto-export configuration flag. An unauthenticated remote attacker can enumerate Snowflake report identifiers and export the full contents of any report, including the data returned by the report configured SQL queries and any credentials embedded in its data sources.

Action-Not Available
Vendor-jeecgboot
Product-jimureport
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-15078
Matching Score-4
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-7.5||HIGH
EPSS-5.11% / 91.34%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 13:19
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Action-Not Available
Vendor-openvpnn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraopenvpnOpenVPN
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-14567
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.68% / 48.03%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 16:02
Updated-23 Dec, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
haxxorsid Stock-Management-System employees missing authentication

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-haxxorsidhaxxorsid
Product-stock-management-systemStock-Management-System
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-38817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.94% / 85.44%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 12:32
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-dapr_dashboardn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-11949
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.41%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 06:49
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication

EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.

Action-Not Available
Vendor-Digiwin
Product-EasyFlow AiNetEasyFlow .NET
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-13856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.42%
||
7 Day CHG~0.00%
Published-01 Feb, 2021 | 01:18
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.

Action-Not Available
Vendor-mofinetworkn/a
Product-mofi4500-4gxelte_firmwaremofi4500-4gxelten/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.46% / 97.76%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 17:15
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

Action-Not Available
Vendor-chadhaajayn/aThe PHP Group
Product-phpphpkbn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-12266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 74.72%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:33
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn531g3wn531a6_firmwarewn531a6wn578a2_firmwarewn579g3_firmwarewn579x3wl-wn575a3_firmwarewn579x3_firmwarewn579g3wn57x93wl-wn530hg4wn551k1wl-wn579g3wn535g3_firmwarewn531g3_firmwarewn551k1_firmwarewn535g3wn530h4_firmwarewn530h4wl-wn575a3jetstream_erac3000_firmwarewl-wn579g3_firmwarewl-wn530hg4_firmwarewn533a8_firmwarewn57x93_firmwarejetstream_ac3000_firmwarewn533a8jetstream_erac3000wn578a2jetstream_ac3000n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.71%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:14
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 (March 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10973
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.76% / 93.91%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 17:50
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn551k1wn531g3wn531g3_firmwarewn551k1_firmwarewn530hg4_firmwarewn530hg4wn533a8_firmwarewn533a8n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 74.22%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 17:42
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn531a6_firmwarewn531a6wn578a2_firmwarewn579g3_firmwarewn575a4wn579x3wl-wn575a3_firmwarewn579x3_firmwarewn572hg3_firmwarewn579g3wn572hg3wn57x93wl-wn579g3wn535g3_firmwarewn530h4wn535g3wn530h4_firmwarewl-wn575a3wn575a4_firmwarejetstream_erac3000_firmwarewl-wn579g3_firmwarewn57x93_firmwarejetstream_ac3000_firmwarejetstream_erac3000wn578a2jetstream_ac3000n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-0355
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 07:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.

Action-Not Available
Vendor-NEC Corporation
Product-WX4200D5WX3000HPWG1200CRWF1200CRWG2600HM4WG2600HS2GB1200PEWG2600HSWG2600HP4
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-25058
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.13%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 16:03
Updated-23 Apr, 2026 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vexa's unauthenticated internal transcript endpoint exposed by default

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or authorization checks. An unauthenticated attacker can enumerate all meeting IDs, access any user's meeting transcripts without credentials, and steal confidential business conversations, passwords, and/or PII. Version 0.10.0-260419-1910 patches the issue.

Action-Not Available
Vendor-vexaVexa-ai
Product-vexavexa
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CVE-2026-25071
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.51% / 39.87%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 00:20
Updated-11 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XikeStor SKS8310-8X switch_config.src Missing Authentication

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switch_config.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to retrieve sensitive configuration information including VLAN settings and IP addressing details.

Action-Not Available
Vendor-seekswanAnhui Seeker Electronic Technology Co., LTD.
Product-zikestor_sks8310-8xzikestor_sks8310-8x_firmwareXikeStor SKS8310-8X
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2011-4322
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.69%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 14:57
Updated-07 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

websitebaker prior to and including 2.8.1 has an authentication error in backup module.

Action-Not Available
Vendor-websitebakerwebsitebaker
Product-websitebakerwebsitebaker
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-35572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.32%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 21:17
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-e5350e5350_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-25751
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 18.48%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 19:07
Updated-10 Feb, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FUXA Unauthenticated Exposure of Plaintext Database Credentials

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

Action-Not Available
Vendor-frangoteamfrangoteam
Product-fuxaFUXA
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-34908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.64% / 46.12%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.

Action-Not Available
Vendor-aremisn/a
Product-aremis_4_nomadsn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2024-58336
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.93%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-16 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

Action-Not Available
Vendor-The Akuvox CompanyAkuvox (SMART-PLUS PTE. LTD.)
Product-r20a-2x915s539s532_firmwarer20k-2r29ns-2c313w-2x915_firmwares539_firmwarenx-2_firmwarenc-2_firmwarenx-2x916x912nc-2x916_firmwarens-2_firmwarex912_firmwarec313w-2_firmwares532r20a-2_firmwarer20k-2_firmwarer29_firmwareAkuvox Smart IntercomAkuvox Smart Doorphone
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-58300
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.74%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 21:39
Updated-07 Apr, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability

Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.

Action-Not Available
Vendor-Siklu
Product-MultiHaul TG series
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-32157
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-7.5||HIGH
EPSS-1.26% / 65.94%
||
7 Day CHG+0.03%
Published-15 Jun, 2022 | 16:50
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-5749
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.21% / 64.82%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 17:27
Updated-24 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP DesignJet products – Credential reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.

Action-Not Available
Vendor-HP Inc.
Product-f9a29c_firmwaref9a29e_firmwaref9a29b_firmwaref9a29g_firmwaref9a30cf9a30et5d66a_firmwaref9a29af9a29df9a30g_firmwaref9a30bf9a30d_firmwaref9a29gf9a30e_firmwaref9a30gf9a30a_firmware1jl02b_firmwaref9a29a_firmwaref9a30c_firmwaref9a29d_firmwaref9a29cf9a30a1jl02bf9a29et5d67a_firmwaref9a30b_firmwaret5d66at5d67af9a29bf9a30dCertain HP DesignJet productsdesignjet_t830_firmwaredesignjet_t730_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-33138
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.15% / 62.87%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 X
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-15654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.00%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 17:18
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

Action-Not Available
Vendor-comban/a
Product-ac2400_firmwareac2400n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-53623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 30.79%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-n/aarcher_c7_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1724
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 36.60%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:34
Updated-27 Mar, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-50589
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.72%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 11:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unprotected FHIR API

An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).

Action-Not Available
Vendor-HASOMEDhasomed
Product-Elefantelefant
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-50630
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-7.5||HIGH
EPSS-22.72% / 97.44%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 05:50
Updated-19 Mar, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-Synology Drive Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-27169
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.64% / 73.51%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 20:15
Updated-15 Apr, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

Action-Not Available
Vendor-openautomationsoftwareOpen Automation Software
Product-oas_platformOAS Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-26067
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-4.9||MEDIUM
EPSS-1.22% / 65.03%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 20:15
Updated-15 Apr, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-openautomationsoftwareOpen Automation Software
Product-oas_platformOAS Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process

Action-Not Available
Vendor-n/aalmando
Product-n/aalmando_play_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.34%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process.

Action-Not Available
Vendor-n/afermax
Product-n/avida
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 39.85%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.

Action-Not Available
Vendor-n/aledvance
Product-n/asmartplus_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-26267
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 69.80%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 22:57
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.

Action-Not Available
Vendor-n/aPiwigo
Product-piwigon/a
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found