CVE-2025-26360

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...

CVE-2025-26359

The CVE-2025-26359 issue affects Q-Free MaxTime (MaxTime) up to version 2.11.0, specifically in maxprofile/accounts/routes.lua, where a Missing Authentication for Critical Function (CWE-306) allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests. Evidence from mult...

CVE-2025-26347

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...

CVE-2025-26345

CVE-2025-26345 affects Q-Free MaxTime ≤ 2.11.0. A CWE-306 vulnerability in maxprofile/menu/routes.lua allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests. The issue is described as critical (CVSS 3.1: 9.8, Network, No Privileges) with no explicit rem...

CVE-2025-26342

CVE-2025-26342 affects Q-Free MaxTime (MaxTime

CVE-2025-26341

CVE-2025-26341 affects Q-Free MaxTime

PT-2025-7152 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authentication for a critical function in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote attacker to enable an authenticati...

The vulnerability of the Four-Faith F3x36 microprogrammed router server lies in the lack of authentication for a critical function, allowing an attacker to modify the device’s configuration.

The vulnerability of the Four-Faith F3x36 microprogrammed router software server lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify the device’s configuration by sending specially crafted HTTP requests...

CVE-2024-52437

Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through = 1.0.0...

CVE-2024-34800

Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crafthemes Demo Import: from n/a through = 3.3...

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

CVE-2024-50375

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote unauthenticated users capable of interacting...

CVE-2024-31218

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

CVE-2024-35293

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

CVE-2025-0355

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3...

PT-2025-3848 · Nec · Aterm Wf1200Cr +7

Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier NEC Corporation Aterm WF1200CRS versions 1.6.0 and earlier NEC Corporation Aterm WG1200CRS versions 1.5.0 and earlier NEC Corporation Aterm GB1200PE versions 1.3.0 and earlier NEC...

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability

Talos Vulnerability Report TALOS-2024-2036 Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39608 SUMMARY A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...

The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of Veeam Backup & Replication’s protection tools for cloud, virtual, and physical systems stems from the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileges...