522 matches found

RedhatCVE
added 2025/03/27 5:8 a.m. · 12 views

CVE-2024-45483

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used by B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...

7 CVSS · 7.1 AI score · 0.00214 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/03/27 12:0 a.m. · 2 views

PT-2025-13294 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A node refcount leak issue has been identified in the function fwnode_graph_get_next_endpoint. This occurs because the parent returned by fwnode_graph_get_port_parent has its refcount...

5.5 CVSS · 5.1 AI score · 0.00175 EPSS
Exploits 0 · References 16
CVE
added 2025/03/27 12:0 a.m. · 67 views

CVE-2025-29489

CVE-2025-29489 affects libming v0.4.8, with a memory leak discovered in the parseSWF_MORPHLINESTYLES function. The provided documents consistently describe this as the vulnerability detail; no exploit specifics, affected products beyond libming v0.4.8, or remediation steps are given. The CVSS con...

6.5 CVSS · 7.4 AI score · 0.003 EPSS
Exploits 1 · References 2 · Affected Software 1
Snyk
added 2025/03/20 12:32 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...

6.1 CVSS · 5.5 AI score · 0.00491 EPSS
Exploits 1 · References 2
CVE
added 2025/03/20 10:11 a.m. · 54 views

CVE-2024-6825

CVE-2024-6825 affects litellm 1.40.12. The vulnerability lies in how the post_call_rules configuration is parsed: a callback can be set to a system method (for example os.system), with the final part treated as the function name and the rest imported as a Python module, enabling arbitrary command...

8.8 CVSS · 9.1 AI score · 0.01463 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/03/18 11:3 a.m. · 10 views

CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...

9.1 CVSS · 8 AI score · 0.0056 EPSS
Exploits 0 · References 1
Cvelist
added 2025/03/05 12:2 a.m. · 14 views

CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...

9.8 CVSS · 0.00522 EPSS
Exploits 0 · References 1
NVD
added 2025/03/04 4:15 a.m. · 25 views

CVE-2024-13686

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3 CVSS · 0.00269 EPSS
Exploits 0 · References 2
CVE
added 2025/02/27 8:22 a.m. · 42 views

CVE-2025-1282

CVE-2025-1282 affects the Car Dealer Automotive WordPress Theme – Responsive (WordPress Theme) up to version 1.6.3. The vulnerability arises from insufficient file path validation in delete_post_photo() and add_car(), allowing authenticated users with Subscriber+ privileges to delete arbitrary se...

8.8 CVSS · 8.8 AI score · 0.01001 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2025/02/24 12:0 a.m. · 3 views

The vulnerability of Microsoft Bing’s search system, related to the lack of authentication for a critical function, allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Bing’s search system is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.6 CVSS · 8.4 AI score · 0.01503 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/02/23 10:25 p.m. · 22 views

CVE-2025-26622

A flaw was found in Vyper’s sqrt builtin function. This vulnerability allows incorrect rounding of square root calculations via improper handling of oscillating final states in the Babylonian method. Mitigation: Mitigation for this issue is either not available or the currently available options d...

7.5 CVSS · 7.4 AI score · 0.00295 EPSS
Exploits 0 · References 5
Cvelist
added 2025/02/20 12:0 a.m. · 12 views

CVE-2025-24946

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...

5.3 CVSS · 0.00506 EPSS
Exploits 0 · References 2
Cvelist
added 2025/02/20 12:0 a.m. · 13 views

CVE-2025-25667

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function getparentControllistInfo...

0.00529 EPSS
Exploits 1 · References 1
CNVD
added 2025/02/17 12:0 a.m. · 11 views

Tenda W18E DelfaceBookPIC Function Buffer Overflow Vulnerability

The Tenda W18E is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda W18E version 16.01.0.81625, which stems from a failure of the DelfaceBookPIC function to correctly validate the length of input data, and can be exploited by an attacker to execute...

8 CVSS · 8.4 AI score · 0.00807 EPSS
Exploits 1 · References 1
CNVD
added 2025/02/17 12:0 a.m. · 9 views

Google Android shouldSkipForInitialSUW function authorization issue vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authorization issue vulnerability that stems from a lack of permission checking in the shouldSkipForInitialSUW function of AdvancedPowerUsageDetail.java, which can be exploited by an attacker ...

8.4 CVSS · 6.5 AI score · 0.00085 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/14 2:42 p.m. · 5 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

7.5 CVSS · 7.5 AI score · 0.00517 EPSS
Exploits 0 · References 1
NVD
added 2025/02/12 2:15 p.m. · 11 views

CVE-2025-26363

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests...

7.5 CVSS · 0.00517 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 6:43 a.m. · 3 views

CVE-2024-50375

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote unauthenticated users capable of interacting...

9.8 CVSS · 7.5 AI score · 0.01026 EPSS
Exploits 0
RedhatCVE
added 2025/02/04 10:13 p.m. · 2 views

CVE-2024-35293

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

9.1 CVSS · 7.5 AI score · 0.006 EPSS
Exploits 0 · References 1
Cvelist
added 2024/12/27 8:1 p.m. · 27 views

CVE-2024-56732 HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function...

9.3 CVSS · 0.00496 EPSS
Exploits 0 · References 2