855 matches found
EUVD-2022-51598
Malicious code in bioql PyPI...
EUVD-2023-55021
Malicious code in bioql PyPI...
EUVD-2024-48036
Malicious code in bioql PyPI...
Missing Authentication for Critical Function
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Missing Authentication for Critical Function via sensitive in-memory cache debug endpoints. An unauthenticated attacker can access sensitive cached information by accessing...
CVE-2025-41716
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function...
CVE-2025-41716
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function...
CVE-2025-41716
CVE-2025-41716 describes an unauthenticated information disclosure where a remote attacker can enumerate existing user accounts and their roles due to missing authentication for a critical function. Connected sources reference WAGO Device Sphere and WAGO Solution Builder as affected, describing a...
PT-2025-39238
Name of the Vulnerable Software and Affected Versions Web Application affected versions not specified Description The web application has a flaw that allows an unauthenticated remote attacker to gather information about existing user accounts, including their roles, due to a lack of authenticatio...
GO-2025-3951 Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function in github.com/chaos-mesh/chaos-mesh
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function in github.com/chaos-mesh/chaos-mesh. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...
CVE-2025-7405
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not...
Mitsubishi Electric MELSEC iQ-F Series CPU 访问控制错误漏洞
The Mitsubishi Electric MELSEC iQ-F Series CPUs are a series of CPU modules from Mitsubishi Electric Corporation Mitsubishi Electric, Japan. An access control error vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series CPUs, which stems from a lack of authentication of a critical...
CVE-2025-54942
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...
CVE-2025-54942 SUNNET Corporate Training Management System - Missing Authentication for Critical Function
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...
PT-2025-35336
Name of the Vulnerable Software and Affected Versions SUNNET Corporate Training Management System versions prior to 10.11 Description A missing authentication check for a critical function allows remote attackers to access deployment functionality without authentication. Recommendations Update to...
CVE-2025-8611
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the POST /api/v4/teams/:teamId/restore endpoint. An attacker can access sensitive team invite information by sending crafted requests to this endpoint without proper privileges. Remediati...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27214
The CVE-2025-27214 entry concerns UniFi Connect EV Station Pro (versions up to 1.5.18) where a Missing Authentication for Critical Function vulnerability could allow a nearby or physically present attacker to trigger an unauthorized factory reset. The core issue is lack of authentication for crit...
GO-2025-3865 Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence...