Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...

CVE-2025-7679

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

CVE-2025-7677

A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...

CVE-2025-53191

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-7679

ABB Aspect (ASPECT) BMS/BAS suffers an authentication bypass across all versions; root cause involves debugging code left in market release. ATT&CK/impact details: attacker could bypass login to access files, change system time, and invoke functions without authentication; DoS is possible if on l...

CVE-2025-7679 Session ID Basic Auth Bypass

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

CVE-2025-7677 DOS attack possible

A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...

CVE-2025-7677 DOS attack possible

A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...

CVE-2025-7677

CVE-2025-7677 affects ABB Aspect (industrial control system) with a DoS caused by a buffer copy issue. According to ICSA-25-252-02, the DoS affects all versions of ASPECT, with specific note that versions prior to 3.08.04-s01 are impacted. The DoS is exploitable if an attacker has access to the l...

CVE-2025-53191

CVE-2025-53191 entry is rejected/not used and does not represent an active vulnerability.

CVE-2025-53191

...

PT-2025-32568

Name of the Vulnerable Software and Affected Versions: ABB Aspect affected versions not specified Description: A missing authentication issue exists for a critical function in ABB Aspect. This allows unauthorized access to sensitive functionality. Recommendations: At the moment, there is no...

PT-2025-32195 · Aomei · Aomei Cyber Backup

Name of the Vulnerable Software and Affected Versions: AOMEI Cyber Backup affected versions not specified Description: AOMEI Cyber Backup suffers from a missing authentication flaw for a critical function, potentially leading to remote code execution. Recommendations: At the moment, there is no...

The vulnerability of the mcp dev tool for testing and debugging MCP servers, MCP Inspector, allows a attacker to perform a CSRF attack.

The vulnerability of the mcp dev tool for testing and debugging MCP servers, MCP Inspector, is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to perform a CSRF attack...

PT-2025-31383 · Suse · Suse Manager Server Module 4.3 +4

Name of the Vulnerable Software and Affected Versions: SUSE Manager versions prior to 0.3.7-150600.3.6.2 SUSE Manager versions prior to 5.0.14-150600.4.17.1 Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.33-150400.3.55.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prio...

The vulnerability of Trend Micro Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS) lies in the lack of authentication for a critical function, allowing attackers to gain full control over the application.

The vulnerability of Trend Micro Worry-Free Business Security WFBS and Worry-Free Business Security Services WFBSS lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application...

CVE-2025-48733 DuraComm DP-10iN-100-MU Missing Authentication for Critical Function

DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device...

Missing Authentication for Critical Function

Overview MoneyPrinterTurbo is a Simply provide a topic or keyword for a video, and it will automatically generate the video copy, video materials, video subtitles, and video background music before synthesizing a high-definition short video.. Affected versions of this package are vulnerable to...

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the deduplicateCreatePost method. An attacker can access posts in private channels without proper...

CVE-2025-7031

Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4...