Fortinet Fortigate TACACS+ authentication bypass (FG-IR-24-472)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-472 advisory. - A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager...

The vulnerability of microprogrammed software in PLANET Technology devices stems from the lack of authenticity verification for a critical function. This allows attackers to create accounts with root privileges.

The vulnerability of PLANET Technology’s microprogrammed software for switches is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow a malicious actor, operating remotely, to create a user account with root privileges...

CVE-2025-46275 Planet Technology Network Products Missing Authentication for Critical Function

WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials...

GO-2025-3620 Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server

Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server...

The vulnerability of Prisma Access Browser lies in the lack of authentication checks for a critical function, allowing attackers to escalate their privileges.

The vulnerability of Prisma Access Browser is related to the lack of authentication checks for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...

Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework

WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...

CVE-2025-3474

Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0...

CVE-2025-3474

Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0...

CVE-2025-29870

Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information...

Missing Authentication for Critical Function

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Missing Authentication for Critical Function at the /api/v1/validate/code endpoint, which allows an attacker to execute arbitrary code by sending malicious HTTP requests...

CVE-2025-25060

CVE-2025-25060 affects Hammock AssetView and AssetView CLOUD with a missing authentication for a critical function (CWE-306). An unauthenticated remote attacker could obtain and/or delete files on the server running AssetView. Affected versions: AssetView prior to 13.2.0 and AssetView CLOUD prior...

CVE-2024-45483

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...

CVE-2024-45483

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication. Remediation Upgrade...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation Upgrade...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation Upgrade...

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/v8/channels/web is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce...

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is...

CVE-2024-23943

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...

CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...