A specific administrative endpoint, notifications, is accessible without proper authentication.
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.
An improper access check allows unauthorized access to webservice endpoints.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration.
The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session va
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoin
An authenticated user without user-management permissions could view other users' account information.
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.