864 matches found
CVE-2025-14349
CVE-2025-14349 affects Universal Software Inc. FlexCity/Kiosk prior to version 1.0.36. The issue is described as a privilege escalation caused by privileges defined with unsafe actions and missing authentication for a critical function, allowing access to functionality not properly constrained by...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-25084 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...
CVE-2026-25084 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...
CVE-2026-25084
The CVE-2026-25084 entry concerns ZLAN5143D, a device whose authentication can be bypassed by directly accessing internal URLs. Connected sources provide concrete details: in addition to the basic bypass vulnerability, an unprotected API endpoint can allow an attacker to remotely change the devic...
CVE-2025-8025
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...
PT-2026-7577
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...
Missing Authentication for Critical Function
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...
Missing Authentication for Critical Function
Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...
Missing Authentication for Critical Function
Overview frosh/adminer-platform is an Adminer for Shopware Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Adminer route configuration, which does not enforce session validation. An attacker can gain unauthorized access to sensitive...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...
EPSON WF-2861 Missing Authentication for Critical Function (CVE-2018-19248)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery- mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request ...
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via config.apply. An attacker can execute arbitrary commands as the gateway process user by supplying crafted cliPath values through the Gatew...
CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...
CVE-2026-1341 Missing Authentication for Critical Function in Avation Light Engine Pro
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...