855 matches found
CVE-2025-0355
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3...
PT-2025-3848 · Nec · Aterm Wf1200Cr +7
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier NEC Corporation Aterm WF1200CRS versions 1.6.0 and earlier NEC Corporation Aterm WG1200CRS versions 1.5.0 and earlier NEC Corporation Aterm GB1200PE versions 1.3.0 and earlier NEC...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...
Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability
Talos Vulnerability Report TALOS-2024-2036 Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39608 SUMMARY A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.
The vulnerability of Veeam Backup & Replication’s protection tools for cloud, virtual, and physical systems stems from the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileges...
Missing Authentication For Critical Function
Synapse is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to improper access control, allowing unauthenticated remote participants to trigger downloads and caching of remote media, making it accessible from the local media repository without authentication...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
PoC Authentication Bypass MFA Really Simple Security WordPress...
The vulnerability of the monitoring and policy auditing software Azure PolicyWatch on the Microsoft Azure cloud platform lies in the lack of authenticity verification for a critical function, allowing attackers to escalate their privileges.
The vulnerability of the Azure PolicyWatch monitoring and policy auditing software on the Microsoft Azure cloud platform is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileg...
Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...
CVE-2019-17082
Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control...
CVE-2024-38643
CVE-2024-38643 affects QNAP Notes Station 3. The issue is a missing authentication for a critical function, allowing remote attackers to gain access to and execute certain functions. The vulnerability is documented with a high impact and network-based attack vector (CVSS 3.1/4.0 metrics indicate ...
CVE-2024-38643 Notes Station 3
A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...
Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
For more PoC details, see: https://pc.fenchuan8.com//index?fo...
PT-2024-8761 · Myscada · Myscada Mypro Manager +1
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions affected versions not specified mySCADA myPRO Manager versions affected versions not specified Description: The issue is related to a lack of authentication for a critical function used in the operating system command...
CVE-2024-52437
Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through = 1.0.0...
CVE-2024-52438
Missing Authentication for Critical Function vulnerability in deco.agency de:branding debranding allows Privilege Escalation.This issue affects de:branding: from n/a through = 1.0.2...
CVE-2024-52437
CVE-2024-52437 affects the WordPress plugin Banner System (versions ≤ 1.0.0). It is a Missing Authentication for Critical Function vulnerability that allows Privilege Escalation . Public details identify the affected version range and the privilege-escalation impact; multiple sources (Wordfence I...
CVE-2024-52438
CVE-2024-52438 corresponds to a Missing Authentication for Critical Function vulnerability in the WordPress plugin de:branding (versions up to 1.0.2). The issue allows Privilege Escalation and affects the plugin as deployed (de:branding: from n/a through 1.0.2). Across connected sources, the vuln...
The vulnerability of CODESYS V3 microprogramming software for WAGO controllers allows a hacker to gain full access to the controller or cause a service failure.
The vulnerability of CODESYS V3 microprogramming software for WAGO controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full access to the controller or cause service failures...