849 matches found
Missing Authentication for Critical Function
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication when starting sandbox browser bridge server. An attacker can gain unauthorized access to browser control...
Missing Authentication for Critical Function
Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the tunnel.allowNgrokFreeTierLoopbackBypass configuration option in the webhook authentication. An attacker can trigger unauthorized...
Missing Authentication for Critical Function
Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the verifyWebhook function. An attacker can send forged webhook requests to the Telnyx voice-call endpoint by omitting signature...
Missing Authentication for Critical Function
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the connect handshake in the gateway WebSocket, when auth.token is present but not validated. An attacker can gain unauthorized access by...
CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2025-14349
CVE-2025-14349 affects Universal Software Inc. FlexCity/Kiosk prior to version 1.0.36. The issue is described as a privilege escalation caused by privileges defined with unsafe actions and missing authentication for a critical function, allowing access to functionality not properly constrained by...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...
CVE-2026-25084 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...
CVE-2026-25084
The CVE-2026-25084 entry concerns ZLAN5143D, a device whose authentication can be bypassed by directly accessing internal URLs. Connected sources provide concrete details: in addition to the basic bypass vulnerability, an unprotected API endpoint can allow an attacker to remotely change the devic...
CVE-2025-8025
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...
PT-2026-7577
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...
Missing Authentication for Critical Function
Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...
Missing Authentication for Critical Function
Overview: @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...
Missing Authentication for Critical Function
Overview: frosh/adminer-platform is an Adminer for Shopware. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Adminer route configuration, which does not enforce session validation. An attacker can gain unauthorized access to sensitive...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleHello process. An attacker can exhaust system memory and disrupt service availability by repeatedly sending unauthenticated DNS queries that trigger unbounded session allocation...