Common Weakness Enumeration

CWE-306

Allowed

Missing Authentication for Critical Function

Abstraction: Base · Status: Draft

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

3458 vulnerabilities reference this CWE, most recent first.

CVE-2026-20253 (GCVE-0-2026-20253)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-19 03:55
VLAI
Title
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
Summary
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Create a notification for this product.
Date Public
2026-06-10 00:00
Credits
Alex Hordijk (hordalex)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20253",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-06-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-19T03:55:19.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-18T00:00:00.000Z",
            "value": "CVE-2026-20253 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alex Hordijk (hordalex)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
            }
          ],
          "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T20:33:56.243Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0603"
      },
      "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20253",
    "datePublished": "2026-06-10T17:16:21.242Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-19T03:55:19.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20223 (GCVE-0-2026-20223)

Vulnerability from cvelistv5 – Published: 2026-05-20 16:06 – Updated: 2026-05-21 03:55
VLAI
Title
Cisco Secure Workload Unauthorized API Access Vulnerability
Summary
A vulnerability in the&nbsp;access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the&nbsp;Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the&nbsp;Site Admin user.&nbsp;
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Workload Affected: 2.2.1.41
Affected: 3.2.1.18
Affected: 3.3.2.50
Affected: 3.4.1.28
Affected: 3.4.1.34
Affected: 2.3.1.45
Affected: 2.3.1.41
Affected: 3.3.2.28
Affected: 3.1.1.59
Affected: 2.0.2.20
Affected: 2.1.1.33
Affected: 2.1.1.29
Affected: 3.2.1.28
Affected: 3.4.1.35
Affected: 3.1.1.65
Affected: 3.1.1.67
Affected: 2.0.1.34
Affected: 2.3.1.49
Affected: 2.2.1.39
Affected: 3.4.1.19
Affected: 3.3.2.23
Affected: 3.1.1.61
Affected: 3.1.1.54
Affected: 3.5.1.17
Affected: 3.3.2.33
Affected: 3.5.1.1
Affected: 2.3.1.53
Affected: 3.5.1.20
Affected: 3.5.1.30
Affected: 3.3.2.16
Affected: 3.1.1.55
Affected: 3.4.1.6
Affected: 2.3.1.50
Affected: 2.3.1.52
Affected: 3.2.1.19
Affected: 2.2.1.35
Affected: 3.1.1.53
Affected: 3.1.1.70
Affected: 3.2.1.20
Affected: 3.5.1.2
Affected: 1.103.1.12
Affected: 2.3.1.51
Affected: 3.3.2.42
Affected: 3.4.1.1
Affected: 3.3.2.12
Affected: 2.1.1.31
Affected: 3.5.1.23
Affected: 3.3.2.53
Affected: 3.4.1.14
Affected: 3.3.2.2
Affected: 3.4.1.20
Affected: 3.3.2.35
Affected: 2.2.1.34
Affected: 1.102.21
Affected: 3.3.2.5
Affected: 3.5.1.31
Affected: 3.6.1.5
Affected: 3.2.1.31
Affected: 3.5.1.37
Affected: 3.4.1.40
Affected: 3.6.1.17
Affected: 3.6.1.21
Affected: 3.2.1.32
Affected: 3.2.1.33
Affected: 3.6.1.35
Affected: 3.6.1.36
Affected: 3.7.1.5
Affected: 3.6.1.47
Affected: 3.7.1.22
Affected: 3.6.1.52
Affected: 3.7.1.39
Affected: 3.8.1.1
Affected: 3.7.1.51
Affected: 3.8.1.19
Affected: 3.8.1.36
Affected: 3.7.1.59
Affected: 3.8.1.39
Affected: 3.9.1.1
Affected: 3.9.1.10
Affected: 3.9.1.24
Affected: 3.9.1.25
Affected: 3.9.1.28
Affected: 3.9.1.38
Affected: 3.8.1.53
Affected: 3.9.1.52
Affected: 3.10.1.1
Affected: 3.9.1.64
Affected: 3.10.2.11
Affected: 3.9.1.66
Affected: 3.10.3.19
Affected: 3.9.1.69
Affected: 3.10.4.8
Affected: 3.10.5.6
Affected: 4.0.1.1
Affected: 4.0.2.4
Affected: 4.0.2.5
Affected: 3.10.6.3
Affected: 3.10.7.4
Affected: 4.0.3.13
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:37.210Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Workload",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.1.41"
            },
            {
              "status": "affected",
              "version": "3.2.1.18"
            },
            {
              "status": "affected",
              "version": "3.3.2.50"
            },
            {
              "status": "affected",
              "version": "3.4.1.28"
            },
            {
              "status": "affected",
              "version": "3.4.1.34"
            },
            {
              "status": "affected",
              "version": "2.3.1.45"
            },
            {
              "status": "affected",
              "version": "2.3.1.41"
            },
            {
              "status": "affected",
              "version": "3.3.2.28"
            },
            {
              "status": "affected",
              "version": "3.1.1.59"
            },
            {
              "status": "affected",
              "version": "2.0.2.20"
            },
            {
              "status": "affected",
              "version": "2.1.1.33"
            },
            {
              "status": "affected",
              "version": "2.1.1.29"
            },
            {
              "status": "affected",
              "version": "3.2.1.28"
            },
            {
              "status": "affected",
              "version": "3.4.1.35"
            },
            {
              "status": "affected",
              "version": "3.1.1.65"
            },
            {
              "status": "affected",
              "version": "3.1.1.67"
            },
            {
              "status": "affected",
              "version": "2.0.1.34"
            },
            {
              "status": "affected",
              "version": "2.3.1.49"
            },
            {
              "status": "affected",
              "version": "2.2.1.39"
            },
            {
              "status": "affected",
              "version": "3.4.1.19"
            },
            {
              "status": "affected",
              "version": "3.3.2.23"
            },
            {
              "status": "affected",
              "version": "3.1.1.61"
            },
            {
              "status": "affected",
              "version": "3.1.1.54"
            },
            {
              "status": "affected",
              "version": "3.5.1.17"
            },
            {
              "status": "affected",
              "version": "3.3.2.33"
            },
            {
              "status": "affected",
              "version": "3.5.1.1"
            },
            {
              "status": "affected",
              "version": "2.3.1.53"
            },
            {
              "status": "affected",
              "version": "3.5.1.20"
            },
            {
              "status": "affected",
              "version": "3.5.1.30"
            },
            {
              "status": "affected",
              "version": "3.3.2.16"
            },
            {
              "status": "affected",
              "version": "3.1.1.55"
            },
            {
              "status": "affected",
              "version": "3.4.1.6"
            },
            {
              "status": "affected",
              "version": "2.3.1.50"
            },
            {
              "status": "affected",
              "version": "2.3.1.52"
            },
            {
              "status": "affected",
              "version": "3.2.1.19"
            },
            {
              "status": "affected",
              "version": "2.2.1.35"
            },
            {
              "status": "affected",
              "version": "3.1.1.53"
            },
            {
              "status": "affected",
              "version": "3.1.1.70"
            },
            {
              "status": "affected",
              "version": "3.2.1.20"
            },
            {
              "status": "affected",
              "version": "3.5.1.2"
            },
            {
              "status": "affected",
              "version": "1.103.1.12"
            },
            {
              "status": "affected",
              "version": "2.3.1.51"
            },
            {
              "status": "affected",
              "version": "3.3.2.42"
            },
            {
              "status": "affected",
              "version": "3.4.1.1"
            },
            {
              "status": "affected",
              "version": "3.3.2.12"
            },
            {
              "status": "affected",
              "version": "2.1.1.31"
            },
            {
              "status": "affected",
              "version": "3.5.1.23"
            },
            {
              "status": "affected",
              "version": "3.3.2.53"
            },
            {
              "status": "affected",
              "version": "3.4.1.14"
            },
            {
              "status": "affected",
              "version": "3.3.2.2"
            },
            {
              "status": "affected",
              "version": "3.4.1.20"
            },
            {
              "status": "affected",
              "version": "3.3.2.35"
            },
            {
              "status": "affected",
              "version": "2.2.1.34"
            },
            {
              "status": "affected",
              "version": "1.102.21"
            },
            {
              "status": "affected",
              "version": "3.3.2.5"
            },
            {
              "status": "affected",
              "version": "3.5.1.31"
            },
            {
              "status": "affected",
              "version": "3.6.1.5"
            },
            {
              "status": "affected",
              "version": "3.2.1.31"
            },
            {
              "status": "affected",
              "version": "3.5.1.37"
            },
            {
              "status": "affected",
              "version": "3.4.1.40"
            },
            {
              "status": "affected",
              "version": "3.6.1.17"
            },
            {
              "status": "affected",
              "version": "3.6.1.21"
            },
            {
              "status": "affected",
              "version": "3.2.1.32"
            },
            {
              "status": "affected",
              "version": "3.2.1.33"
            },
            {
              "status": "affected",
              "version": "3.6.1.35"
            },
            {
              "status": "affected",
              "version": "3.6.1.36"
            },
            {
              "status": "affected",
              "version": "3.7.1.5"
            },
            {
              "status": "affected",
              "version": "3.6.1.47"
            },
            {
              "status": "affected",
              "version": "3.7.1.22"
            },
            {
              "status": "affected",
              "version": "3.6.1.52"
            },
            {
              "status": "affected",
              "version": "3.7.1.39"
            },
            {
              "status": "affected",
              "version": "3.8.1.1"
            },
            {
              "status": "affected",
              "version": "3.7.1.51"
            },
            {
              "status": "affected",
              "version": "3.8.1.19"
            },
            {
              "status": "affected",
              "version": "3.8.1.36"
            },
            {
              "status": "affected",
              "version": "3.7.1.59"
            },
            {
              "status": "affected",
              "version": "3.8.1.39"
            },
            {
              "status": "affected",
              "version": "3.9.1.1"
            },
            {
              "status": "affected",
              "version": "3.9.1.10"
            },
            {
              "status": "affected",
              "version": "3.9.1.24"
            },
            {
              "status": "affected",
              "version": "3.9.1.25"
            },
            {
              "status": "affected",
              "version": "3.9.1.28"
            },
            {
              "status": "affected",
              "version": "3.9.1.38"
            },
            {
              "status": "affected",
              "version": "3.8.1.53"
            },
            {
              "status": "affected",
              "version": "3.9.1.52"
            },
            {
              "status": "affected",
              "version": "3.10.1.1"
            },
            {
              "status": "affected",
              "version": "3.9.1.64"
            },
            {
              "status": "affected",
              "version": "3.10.2.11"
            },
            {
              "status": "affected",
              "version": "3.9.1.66"
            },
            {
              "status": "affected",
              "version": "3.10.3.19"
            },
            {
              "status": "affected",
              "version": "3.9.1.69"
            },
            {
              "status": "affected",
              "version": "3.10.4.8"
            },
            {
              "status": "affected",
              "version": "3.10.5.6"
            },
            {
              "status": "affected",
              "version": "4.0.1.1"
            },
            {
              "status": "affected",
              "version": "4.0.2.4"
            },
            {
              "status": "affected",
              "version": "4.0.2.5"
            },
            {
              "status": "affected",
              "version": "3.10.6.3"
            },
            {
              "status": "affected",
              "version": "3.10.7.4"
            },
            {
              "status": "affected",
              "version": "4.0.3.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the\u0026nbsp;access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the\u0026nbsp;Site Admin role.\r\n\r\nThis vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the\u0026nbsp;Site Admin user.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T16:06:30.740Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-csw-pnbsa-g8WEnuy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-csw-pnbsa-g8WEnuy",
        "defects": [
          "CSCwt99942"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Workload Unauthorized API Access Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20223",
    "datePublished": "2026-05-20T16:06:30.740Z",
    "dateReserved": "2025-10-08T11:59:15.399Z",
    "dateUpdated": "2026-05-21T03:55:37.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-16015 (GCVE-0-2026-16015)

Vulnerability from cvelistv5 – Published: 2026-07-17 13:15 – Updated: 2026-07-17 13:15 X_Open Source
VLAI
Title
poco-ai poco-claw executor_manager API tasks.py create_task missing authentication
Summary
A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function create_task of the file executor_manager/app/api/v1/tasks.py of the component executor_manager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.5.7 is able to resolve this issue. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. It is recommended to upgrade the affected component.
CWE
Assigner
Impacted products
Vendor Product Version
poco-ai poco-claw Affected: 0.5.0
Affected: 0.5.1
Affected: 0.5.2
Affected: 0.5.3
Affected: 0.5.4
Unaffected: 0.5.7
    cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Erichen (VulDB User)
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "executor_manager API"
          ],
          "product": "poco-claw",
          "vendor": "poco-ai",
          "versions": [
            {
              "status": "affected",
              "version": "0.5.0"
            },
            {
              "status": "affected",
              "version": "0.5.1"
            },
            {
              "status": "affected",
              "version": "0.5.2"
            },
            {
              "status": "affected",
              "version": "0.5.3"
            },
            {
              "status": "affected",
              "version": "0.5.4"
            },
            {
              "status": "unaffected",
              "version": "0.5.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Erichen (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function create_task of the file executor_manager/app/api/v1/tasks.py of the component executor_manager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.5.7 is able to resolve this issue. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. It is recommended to upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-17T13:15:12.605Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-379757 | poco-ai poco-claw executor_manager API tasks.py create_task missing authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/379757"
        },
        {
          "name": "VDB-379757 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/379757/cti"
        },
        {
          "name": "CVE-2026-16015 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-16015"
        },
        {
          "name": "Submit #856812 | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/856812"
        },
        {
          "name": "Submit #856813 | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306) (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/856813"
        },
        {
          "name": "Submit #856815 | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306) (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/856815"
        },
        {
          "name": "Submit #856816 | poco-ai poco-agent 0.5.4 Authorization Bypass Through User-Controlled Key (CWE-639) (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/856816"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/poco-ai/poco-claw/issues/136"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/poco-ai/poco-claw/pull/135"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/poco-ai/poco-claw/issues/137"
        },
        {
          "tags": [
            "exploit",
            "patch"
          ],
          "url": "https://github.com/poco-ai/poco-claw/commit/67fcc88505c57f77d3fcf04eb5b89425b10cbf48"
        },
        {
          "tags": [
            "exploit",
            "patch"
          ],
          "url": "https://github.com/poco-ai/poco-claw/releases/tag/0.5.7"
        },
        {
          "tags": [
            "exploit",
            "product"
          ],
          "url": "https://github.com/poco-ai/poco-claw/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-17T07:49:11.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "poco-ai poco-claw executor_manager API tasks.py create_task missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-16015",
    "datePublished": "2026-07-17T13:15:12.605Z",
    "dateReserved": "2026-07-17T05:44:00.706Z",
    "dateUpdated": "2026-07-17T13:15:12.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15491 (GCVE-0-2026-15491)

Vulnerability from cvelistv5 – Published: 2026-07-12 09:45 – Updated: 2026-07-14 14:41
VLAI
Title
RafyMrX TOKO-ONLINE-ROTI missing authentication
Summary
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/377798 vdb-entry
https://vuldb.com/vuln/377798/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-15491 third-party-advisory
https://vuldb.com/submit/844137 third-party-advisory
Impacted products
Vendor Product Version
RafyMrX TOKO-ONLINE-ROTI Affected: ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
    cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Dest1ny_1 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-14T14:40:54.410312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-14T14:41:07.744Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*"
          ],
          "product": "TOKO-ONLINE-ROTI",
          "vendor": "RafyMrX",
          "versions": [
            {
              "status": "affected",
              "version": "ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dest1ny_1 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-12T09:45:06.760Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377798 | RafyMrX TOKO-ONLINE-ROTI missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/377798"
        },
        {
          "name": "VDB-377798 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377798/cti"
        },
        {
          "name": "CVE-2026-15491 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15491"
        },
        {
          "name": "Submit #844137 | RafyMrX TOKO-ONLINE-ROTI latest (2026-05, no formal release) Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/844137"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-11T14:03:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "RafyMrX TOKO-ONLINE-ROTI missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15491",
    "datePublished": "2026-07-12T09:45:06.760Z",
    "dateReserved": "2026-07-11T11:58:42.133Z",
    "dateUpdated": "2026-07-14T14:41:07.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15416 (GCVE-0-2026-15416)

Vulnerability from cvelistv5 – Published: 2026-07-14 08:56 – Updated: 2026-07-15 14:39
VLAI
Title
Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint
Summary
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor Product Version
argoproj argo-helm Affected: 0 , < 10.0.0 (semver)
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
Create a notification for this product.
Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
Create a notification for this product.
Date Public
2026-07-01 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-15T14:39:38.453802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T14:39:52.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/argoproj/argo-helm",
          "defaultStatus": "unaffected",
          "packageName": "argo-helm",
          "product": "argo-helm",
          "vendor": "argoproj",
          "versions": [
            {
              "lessThan": "10.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "odf4/odf-multicluster-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "unknown",
          "packageName": "openshift-gitops-1/argocd-agent-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift-gitops-1/argocd-agent-rhel9",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/argocd-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "unknown",
          "packageName": "openshift-gitops-1/argocd-rhel9",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/gitops-operator-bundle",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/gitops-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/gitops-rhel8-operator",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift-gitops-1/gitops-rhel9",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift-gitops-1/gitops-rhel9-operator",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-07-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T13:46:03.711Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-15416"
        },
        {
          "name": "RHBZ#2496732",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496732"
        },
        {
          "url": "https://github.com/argoproj/argo-helm/commit/0f245ab"
        },
        {
          "url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
        },
        {
          "url": "https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html"
        },
        {
          "url": "https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-03T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-07-01T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint",
      "workarounds": [
        {
          "lang": "en",
          "value": "Limit network access to the Argo CD repo-server gRPC endpoint to trusted internal components using Kubernetes NetworkPolicy or equivalent network access controls. Do not expose the repo-server outside the cluster or to untrusted networks. Restrict access to the associated Redis service and update to a fixed version once one becomes available."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-15416",
    "datePublished": "2026-07-14T08:56:29.942Z",
    "dateReserved": "2026-07-10T14:49:39.682Z",
    "dateUpdated": "2026-07-15T14:39:52.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15192 (GCVE-0-2026-15192)

Vulnerability from cvelistv5 – Published: 2026-07-09 16:30 – Updated: 2026-07-09 18:08
VLAI
Title
mettle sendportal APIv1 Webhooks mailjet missing authentication
Summary
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/377118 vdb-entrytechnical-description
https://vuldb.com/vuln/377118/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-15192 third-party-advisory
https://vuldb.com/submit/851624 third-party-advisory
https://github.com/mettle/sendportal/issues/340 exploitissue-tracking
https://github.com/mettle/sendportal/ product
Impacted products
Vendor Product Version
mettle sendportal Affected: 3.0.0
Affected: 3.0.1
    cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Superman_04 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15192",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-09T17:53:27.825956Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-09T18:08:24.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "APIv1 Webhooks"
          ],
          "product": "sendportal",
          "vendor": "mettle",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Superman_04 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.4,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T16:30:09.358Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377118 | mettle sendportal APIv1 Webhooks mailjet missing authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/377118"
        },
        {
          "name": "VDB-377118 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377118/cti"
        },
        {
          "name": "CVE-2026-15192 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15192"
        },
        {
          "name": "Submit #851624 | Mettle sendportal Latest Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/851624"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/mettle/sendportal/issues/340"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/mettle/sendportal/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-09T07:41:22.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "mettle sendportal APIv1 Webhooks mailjet missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15192",
    "datePublished": "2026-07-09T16:30:09.358Z",
    "dateReserved": "2026-07-09T05:36:19.016Z",
    "dateUpdated": "2026-07-09T18:08:24.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15063 (GCVE-0-2026-15063)

Vulnerability from cvelistv5 – Published: 2026-07-08 14:58 – Updated: 2026-07-08 15:56
VLAI
Title
Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled
Summary
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-15063 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2498058 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Date Public
2026-07-08 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T15:56:03.613145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T15:56:34.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-trustyai-service-operator-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-07-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T14:58:12.105Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-15063"
        },
        {
          "name": "RHBZ#2498058",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498058"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-08T14:30:11.515Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-07-08T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-15063",
    "datePublished": "2026-07-08T14:58:12.105Z",
    "dateReserved": "2026-07-08T14:31:24.772Z",
    "dateUpdated": "2026-07-08T15:56:34.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14714 (GCVE-0-2026-14714)

Vulnerability from cvelistv5 – Published: 2026-07-05 05:30 – Updated: 2026-07-06 18:20 X_Open Source
VLAI
Title
zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication
Summary
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash."
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
zhayujie chatgpt-on-wechat CowAgent Affected: 2.1.0
Unaffected: 2.1.1
    cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-j (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14714",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T18:19:17.226246Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T18:20:42.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "wx Endpoint"
          ],
          "product": "chatgpt-on-wechat CowAgent",
          "vendor": "zhayujie",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "unaffected",
              "version": "2.1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-j (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: \"We\u0027ve added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash.\""
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.4,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-05T05:30:09.514Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376304 | zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376304"
        },
        {
          "name": "VDB-376304 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376304/cti"
        },
        {
          "name": "CVE-2026-14714 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14714"
        },
        {
          "name": "Submit #847484 | zhayujie chatgpt-on-wechat / CowAgent 2.1.0 Missing Authentication for Critical Function (CWE-306)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/847484"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/zhayujie/CowAgent/issues/2860"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zhayujie/CowAgent/commit/3d7c68bac6ee74fad63f43cf99e45c62e202ed55"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zhayujie/CowAgent/releases/tag/2.1.1"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T09:49:02.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14714",
    "datePublished": "2026-07-05T05:30:09.514Z",
    "dateReserved": "2026-07-04T07:43:09.434Z",
    "dateUpdated": "2026-07-06T18:20:42.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14622 (GCVE-0-2026-14622)

Vulnerability from cvelistv5 – Published: 2026-07-04 08:45 – Updated: 2026-07-06 16:22
VLAI
Title
jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication
Summary
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
jairiidriss restaurant-website-php-mysql Affected: 521428b5b612449df0cf4a5d15ee40cba67f3d35
    cpe:2.3:a:jairiidriss:restaurant-website-php-mysql:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Fklov (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14622",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T16:22:42.212289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T16:22:53.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:jairiidriss:restaurant-website-php-mysql:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "AJAX Endpoint"
          ],
          "product": "restaurant-website-php-mysql",
          "vendor": "jairiidriss",
          "versions": [
            {
              "status": "affected",
              "version": "521428b5b612449df0cf4a5d15ee40cba67f3d35"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Fklov (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T08:45:08.095Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376138 | jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/376138"
        },
        {
          "name": "VDB-376138 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376138/cti"
        },
        {
          "name": "CVE-2026-14622 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14622"
        },
        {
          "name": "Submit #845099 | jairiidriss restaurant-website-php-mysql 1.0 jairiidriss Restaurant Website PHP MySQL 1.0 missing authenticat",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/845099"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/jairiidriss/restaurant-website-php-mysql/issues/6"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/jairiidriss/restaurant-website-php-mysql/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-03T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-03T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-03T19:00:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14622",
    "datePublished": "2026-07-04T08:45:08.095Z",
    "dateReserved": "2026-07-03T16:55:27.784Z",
    "dateUpdated": "2026-07-06T16:22:53.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14162 (GCVE-0-2026-14162)

Vulnerability from cvelistv5 – Published: 2026-06-30 10:57 – Updated: 2026-06-30 12:25
VLAI
Title
Advantech|Hospital Quering Management - Missing Authentication
Summary
Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
Vendor Product Version
Advantech Hospital Quering Management Affected: 0 , < 1.2.13 (custom)
Create a notification for this product.
Date Public
2026-06-30 10:54
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T12:25:02.527865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:25:08.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hospital Quering Management",
          "vendor": "Advantech",
          "versions": [
            {
              "lessThan": "1.2.13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-06-30T10:54:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
            }
          ],
          "value": "Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T10:57:11.421Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-11012-63761-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
            }
          ],
          "value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
        }
      ],
      "source": {
        "advisory": "TVN-202606007",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech\uff5cHospital Quering Management - Missing Authentication",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2026-14162",
    "datePublished": "2026-06-30T10:57:11.421Z",
    "dateReserved": "2026-06-30T02:02:24.547Z",
    "dateUpdated": "2026-06-30T12:25:08.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.
  • Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected, including those channels that are assumed to be accessible only by authorized parties. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.
  • In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation
Architecture and Design
  • Where possible, avoid implementing custom, "grow-your-own" authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These capabilities may avoid common weaknesses that are unique to authentication; support automatic auditing and tracking; and make it easier to provide a clear separation between authentication tasks and authorization tasks.
  • In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly.
Mitigation MIT-4.5
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45].
Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to require strong authentication for users who should be allowed to access the data [REF-1297] [REF-1298] [REF-1302].

CAPEC-12: Choosing Message Identifier

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.

CAPEC-166: Force the System to Reset Values

An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.

CAPEC-216: Communication Channel Manipulation

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

CAPEC-36: Using Unpublished Interfaces or Functionality

An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.

CAPEC-62: Cross Site Request Forgery

An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply "riding" the existing session cookie.