Lucene search
849 matches found

Positive Technologies
added 2025/07/23 12:0 a.m. · 6 views

PT-2025-31383 · Suse · Suse Manager Server Module 4.3 +4

Name of the Vulnerable Software and Affected Versions: SUSE Manager versions prior to 0.3.7-150600.3.6.2; SUSE Manager versions prior to 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prio...

CVSS 10 · AI score 7.6 · EPSS 0.01718
Exploits 1 · References 16
Cvelist
added 2025/07/22 9:35 p.m. · 8 views

CVE-2025-48733 DuraComm DP-10iN-100-MU Missing Authentication for Critical Function

DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device...

CVSS 8.7 · EPSS 0.00353
Exploits 0 · References 2
Snyk
added 2025/07/20 3:44 p.m. · 5 views

Missing Authentication for Critical Function

Overview: MoneyPrinterTurbo: simply provide a topic or keyword for a video, and it will automatically generate the video copy, video materials, video subtitles, and video background music before synthesizing a high-definition short video. Affected versions of this package are vulnerable to...

CVSS 9.8 · AI score 7.1 · EPSS 0.00667
Exploits 0 · References 2
Snyk
added 2025/07/18 9:30 a.m. · 3 views

Missing Authentication for Critical Function

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the deduplicateCreatePost method. An attacker can access posts in private channels without proper...

CVSS 7.1 · AI score 6.9 · EPSS 0.00296
Exploits 0 · References 3
OSV
added 2025/07/08 9:15 p.m. · 2 views

CVE-2025-7031

Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 1
Japan Vulnerability Notes
added 2025/07/08 5:8 a.m. · 8 views

Epson Web Installer for Mac vulnerable to missing authentication for critical function

Overview: Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...

CVSS 7.8 · AI score 7.2 · EPSS 0.00126
Exploits 0 · References 4
BDU FSTEC
added 2025/07/04 12:0 a.m. · 2 views

The vulnerability of the GFIAgent service, a software-based network filtering solution from Kerio Control, allows attackers to bypass existing security mechanisms.

The vulnerability of the GFIAgent software, a network filtering tool from Kerio Control, is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to bypass existing security mechanisms by sending specially crafted HTTP requests...

CVSS 10 · AI score 5.5 · EPSS 0.00691
Exploits 1 · References 2
Snyk
added 2025/07/02 4:42 p.m. · 3 views

Missing Authentication for Critical Function

Overview: xinference is Xorbits Inference. Xinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Wheth...

CVSS 7.3 · AI score 6.9 · EPSS 0.00344
Exploits 1 · References 2
RedhatCVE
added 2025/06/28 11:7 p.m. · 4 views

CVE-2025-3699

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all...

CVSS 9.8 · AI score 7.7 · EPSS 0.01099
Exploits 0 · References 1
Snyk
added 2025/06/26 9:29 p.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the rekey process. An attacker can disrupt critical security operations by sending unauthenticated requests to cancel root rekey and recovery rekey operations. This can result in denial o...

CVSS 7.5 · AI score 7 · EPSS 0.00331
Exploits 0 · References 2
Snyk
added 2025/06/26 9:29 p.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the rekey process. An attacker can disrupt critical security operations by sending unauthenticated requests to cancel root rekey and recovery rekey operations. This can result in denial o...

CVSS 7.5 · AI score 7 · EPSS 0.00331
Exploits 0 · References 2
RedhatCVE
added 2025/06/26 8:19 a.m. · 11 views

CVE-2025-3090

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function...

CVSS 8.2 · AI score 7.3 · EPSS 0.00411
Exploits 0 · References 1
NVD
added 2025/06/24 8:15 a.m. · 4 views

CVE-2025-3090

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function...

CVSS 8.2 · EPSS 0.00411
Exploits 0 · References 2
BDU FSTEC
added 2025/06/23 12:0 a.m. · 3 views

The vulnerability of the software for configuring and setting up devices of the Universal Relay (UR) series, GE Vernova Enervista UR Setup, stems from the lack of authenticity verification for a critical function. This allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the software for configuring and setting up Universal Relay UR devices from GE Vernova Enervista UR Setup is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability allows an attacker who operates remotely to carry out...

CVSS 8.3 · AI score 5.5 · EPSS 0.00266
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2025/06/19 12:30 p.m. · 4 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

CVSS 6.9 · AI score 7.1 · EPSS 0.01039
Exploits 0 · References 2
Snyk
added 2025/06/19 12:30 p.m. · 6 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

CVSS 6.9 · AI score 7.1 · EPSS 0.01039
Exploits 0 · References 2
GithubExploit
added 2025/06/19 12:19 p.m. · 306 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

CVE-2025-0108 PAN-OS: Authentication Bypass in the Management...

CVSS 9.1 · AI score 9 · EPSS 0.98338
Exploits 8
Zero Day Initiative
added 2025/06/11 12:0 a.m. · 3 views

(Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks UniFi Console devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of bridge device adoption requests. The issue results from...

CVSS 9.6 · AI score 7.2 · EPSS 0.00499
Exploits 0 · References 1
CISA
added 2025/06/09 12:0 p.m. · 7 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-32433: Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability. CVE-2024-42009: RoundCube...

CVSS 10 · AI score 6.8 · EPSS 0.97673
In wild · Exploits 42 · References 7
BDU FSTEC
added 2025/06/09 12:0 a.m. · 1 views

The vulnerability of the Desigo CC software platform lies in the lack of authentication for critical functions, allowing attackers to execute arbitrary code by sending specially crafted network requests.

The vulnerability of the Desigo CC software platform is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted network requests...

CVSS 7.8 · AI score 6 · EPSS 0.00469
Exploits 0 · References 3