849 matches found
Missing Authentication for Critical Function
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Missing Authentication for Critical Function at the /api/v1/validate/code endpoint, which allows an attacker to execute arbitrary code by sending malicious HTTP requests...
CVE-2025-25060
CVE-2025-25060 affects Hammock AssetView and AssetView CLOUD with a missing authentication for a critical function (CWE-306). An unauthenticated remote attacker could obtain and/or delete files on the server running AssetView. Affected versions: AssetView prior to 13.2.0 and AssetView CLOUD prior...
CVE-2024-45483
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...
CVE-2024-45483
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication. Remediation Upgrade...
Missing Authentication for Critical Function
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation Upgrade...
Missing Authentication for Critical Function
Overview github.com/mattermost/mattermost/server/v8/channels/web is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce...
CVE-2024-23943
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
CVE-2024-23943
CVE-2024-23943 affects MB Connect Line mbCONNECT24 devices. The root cause is a lack of authentication for a critical function, enabling unauthenticated remote attackers to access the cloud API. Vulnerable versions are mbCONNECT24 prior to 2.16.2; remediation is upgrading to 2.16.2 or later. Impa...
NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rivaquickstart component. The issue results from the lack of authentication prior to...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-27256
CVE-2025-27256 concerns a Missing Authentication for Critical Function vulnerability in the GE Vernova Enervista UR Setup application. The issue is described as an authentication bypass caused by a missing SSH server authentication, which could allow an attacker with an unauthenticated client con...
CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...
CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...
The vulnerability of the Acronis True Image software for backup and data restoration lies in the lack of authentication for critical functions, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Acronis True Image backup and recovery software relates to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
The vulnerability of Microsoft Bing’s search system, related to the lack of authentication for a critical function, allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Bing’s search system is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2025-21355
CVE-2025-21355 affects Microsoft Bing (web service). The issue is a Missing Authentication for a Critical Function in Bing that enables an unauthenticated, network-based attacker to execute code, i.e., remote code execution. The root cause is lack of authentication for a critical function, allowi...