849 matches found
CVE-2025-8754 ABB AbilityTM zenon Remote Transport Vulnerability
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14...
CVE-2025-8754
CVE-2025-8754 concerns ABB AbilityTM zenon (versions 7.50–14). The vulnerability is a Missing Authentication for a Critical Function, exposing a command/operation over NETWORK with no privileges required and no user interaction. According to multiple sources, the issue can impact availability (hi...
CVE-2025-8754 ABB AbilityTM zenon Remote Transport Vulnerability
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14...
CVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally...
Windows StateRepository API Server file Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...
CVE-2025-7677
A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...
CVE-2025-7679
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...
CVE-2025-53191
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-7679
ABB Aspect (ASPECT) BMS/BAS suffers an authentication bypass across all versions; root cause involves debugging code left in market release. ATT&CK/impact details: attacker could bypass login to access files, change system time, and invoke functions without authentication; DoS is possible if on l...
CVE-2025-7679 Session ID Basic Auth Bypass
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...
CVE-2025-7677
CVE-2025-7677 affects ABB Aspect (industrial control system) with a DoS caused by a buffer copy issue. According to ICSA-25-252-02, the DoS affects all versions of ASPECT, with specific note that versions prior to 3.08.04-s01 are impacted. The DoS is exploitable if an attacker has access to the l...
CVE-2025-7677 DOS attack possible
A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...
CVE-2025-7677 DOS attack possible
A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...
CVE-2025-53191
CVE-2025-53191 entry is rejected/not used and does not represent an active vulnerability.
CVE-2025-53191
...
PT-2025-32568
Name of the Vulnerable Software and Affected Versions: ABB Aspect affected versions not specified Description: A missing authentication issue exists for a critical function in ABB Aspect. This allows unauthorized access to sensitive functionality. Recommendations: At the moment, there is no...
PT-2025-32195 · Aomei · Aomei Cyber Backup
Name of the Vulnerable Software and Affected Versions: AOMEI Cyber Backup affected versions not specified Description: AOMEI Cyber Backup suffers from a missing authentication flaw for a critical function, potentially leading to remote code execution. Recommendations: At the moment, there is no...
The vulnerability of the mcp dev tool for testing and debugging MCP servers, MCP Inspector, allows a attacker to perform a CSRF attack.
The vulnerability of the mcp dev tool for testing and debugging MCP servers, MCP Inspector, is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to perform a CSRF attack...
PT-2025-31383 · Suse · Suse Manager Server Module 4.3 +4
Name of the Vulnerable Software and Affected Versions: SUSE Manager versions prior to 0.3.7-150600.3.6.2 SUSE Manager versions prior to 5.0.14-150600.4.17.1 Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.33-150400.3.55.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prio...