Missing-Authentication

TinyIce versions 0.8.95 through 2.4.1 are vulnerable to unauthenticated stream injection due to a missing authentication check on the WebRTC ingest endpoint (/webrtc/source-offer), allowing a network attacker to hijack broadcasts by publishing arbitrary audio/video to a target mount, replacing the legitimate source's content; patched in version 2.5.0 (CVE-2026-45327).

FlowiseAI versions 3.1.1 and earlier are vulnerable to a privilege escalation due to missing authentication and permission checks on the OpenAI Assistants Vector Store CRUD endpoints, allowing any authenticated user to create, modify, upload files to, and delete vector stores and files, regardless of their assigned permissions.

The WinMatrix agent by Simopro Technology suffers from a missing authentication vulnerability (CVE-2026-6348), enabling local authenticated attackers to execute arbitrary code with SYSTEM privileges on the local machine and all hosts within the agent's environment.

Vitals ESP developed by Galaxy Software Services suffers from a missing authentication vulnerability (CVE-2026-4640), enabling unauthenticated remote attackers to execute functions and obtain sensitive information.