CVE-2024-23943

CVE-2024-23943 affects MB Connect Line mbCONNECT24 devices. The root cause is a lack of authentication for a critical function, enabling unauthenticated remote attackers to access the cloud API. Vulnerable versions are mbCONNECT24 prior to 2.16.2; remediation is upgrading to 2.16.2 or later. Impa...

NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rivaquickstart component. The issue results from the lack of authentication prior to...

CVE-2025-27256

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...

CVE-2025-27256

CVE-2025-27256 concerns a Missing Authentication for Critical Function vulnerability in the GE Vernova Enervista UR Setup application. The issue is described as an authentication bypass caused by a missing SSH server authentication, which could allow an attacker with an unauthenticated client con...

CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...

CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...

The vulnerability of the Acronis True Image software for backup and data restoration lies in the lack of authentication for critical functions, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Acronis True Image backup and recovery software relates to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

The vulnerability of Microsoft Bing’s search system, related to the lack of authentication for a critical function, allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Bing’s search system is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2025-21355

CVE-2025-21355 affects Microsoft Bing (web service). The issue is a Missing Authentication for a Critical Function in Bing that enables an unauthenticated, network-based attacker to execute code, i.e., remote code execution. The root cause is lack of authentication for a critical function, allowi...

Microsoft Bing Remote Code Execution Vulnerability

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network...

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVE-2025-26364

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

CVE-2025-24865 mySCADA myPRO Manager Missing Authentication for Critical Function

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...

CVE-2025-24865 mySCADA myPRO Manager Missing Authentication for Critical Function

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...

CVE-2025-24865

The CVE-2025-24865 entry concerns mySCADA myPRO Manager where the administrative web interface can be accessed without authentication. The connected documents describe that this could let an attacker retrieve sensitive information and upload files without credentials, and the PT-2025-7040 entry a...

CVE-2025-0896 Orthanc Server Missing Authentication for Critical Function

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...