Medium
CVSS: 5.3
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FF…
High
CVSS: 8.1
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432BAA, from D1 Base(Ingenic x1600) before H…
High
CVSS: 8.7
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with…
High
CVSS: 8.8
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GE…
High
CVSS: 8.7
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characte…
High
CVSS: 8.7
VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters…
Critical
CVSS: 9.1
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registe…
High
CVSS: 8.7
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
Medium
CVSS: 6.9
A specific administrative endpoint notifications is accessible without proper authentication.
Critical
CVSS: 9.2
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
Critical
CVSS: 9.1
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job exec…
Critical
CVSS: 9.1
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
Critical
CVSS: 9.2
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a speci…
Critical
CVSS: 9.2
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId…
Critical
CVSS: 9.1
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. T…
Medium
CVSS: 6.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.
Medium
CVSS: 4.0
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
Medium
CVSS: 6.9
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v…
Medium
CVSS: 5.3
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.j…
High
CVSS: 7.5
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback even…