CVE List – Find High-Risk & Exploited Vulnerabilities ATT&CK Technique:Privilege Escalation / Missing Authentication for Critical Function

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

Showing 120 (more results available)
«« First « Prev Page 1 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-46339 9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP bridge. This vulnerability is fixed in 0.4.37. 10.0 0.11% 2026-07-15 2026-07-16
CVE-2026-58658 GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port. Attackers can enumerate model instance IDs to stream serving logs containing prompts and completions, change log levels, and read memory profiling data without any authentication. 8.8 N/A 2026-07-15 2026-07-15
CVE-2026-53512 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refresh_token grant authenticates only possession of the bound refreshToken row and matching client_id, without verifying the confidential client's client_secret, allowing an attacker with a valid refresh_token to mint access tokens and rotated refresh tokens through /api/auth/oauth2/token or /api/auth/mcp/token. The @better-auth/o 9.1 0.01% 2026-07-15 2026-07-15
CVE-2026-61613 Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from inside the agent container to an unauthenticated local agent endpoint, enabling code execution within the affected Cloud Agent sandbox or session and access to files, repository contents, environment variables, credentials, and GitHub App access tokens available to that session. This issue was fixed 7.7 N/A 2026-07-15 2026-07-15
CVE-2026-48325 ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. 9.3 0.32% 2026-07-14 2026-07-15
CVE-2026-24259 NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. 6.4 0.14% 2026-07-14 2026-07-15
CVE-2026-24229 NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service. 7.3 0.12% 2026-07-14 2026-07-15
CVE-2026-48252 Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. Scope is changed. 8.6 0.43% 2026-07-14 2026-07-15
CVE-2026-47212 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook secret but ignored the X-Twilio-Signature HMAC header, allowing unauthenticated POST requests to inject forged Twilio status payloads. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. 6.9 0.30% 2026-07-14 2026-07-15
CVE-2026-45755 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse() received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged Mailtrap delivery, bounce, open, click, or spam events. This issue is fixed in versions 7.4.12 and 8.0.12. 6.9 0.30% 2026-07-14 2026-07-15
CVE-2026-45754 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST requests to inject forged Mailjet and LOX24 event payloads. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. 6.9 0.46% 2026-07-14 2026-07-15
CVE-2026-50451 Missing authentication for critical function in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. 7.1 0.22% 2026-07-14 2026-07-15
CVE-2026-50444 Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network. 8.8 0.60% 2026-07-14 2026-07-15
CVE-2026-57969 Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network. 8.8 0.54% 2026-07-14 2026-07-15
CVE-2026-56164 KEV Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network. 5.3 7.05% 2026-07-14 2026-07-14
CVE-2026-50333 Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally. 7.8 0.22% 2026-07-14 2026-07-14
CVE-2026-49174 Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally. 6.1 0.20% 2026-07-14 2026-07-14
CVE-2026-10577 A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device. 10.0 0.25% 2026-07-14 2026-07-14
CVE-2026-62422 In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible 10.0 0.35% 2026-07-14 2026-07-15
CVE-2026-58319 Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to cluster instability or denial of service. This issue affects Apache Doris versions prior to 3.1.0. Users are advised to upgrade to Apache Doris 3.1.0 or later. 9.1 0.61% 2026-07-14 2026-07-14
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence