42 matches found
The vulnerability of the Desigo CC software platform lies in the lack of authentication for critical functions, allowing attackers to execute arbitrary code by sending specially crafted network requests.
The vulnerability of the Desigo CC software platform is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted network requests...
The vulnerability of the JetBrains YouTrack project and task management software, related to the lack of authentication for a critical function, allows attackers to gain unauthorized access to protected information.
The vulnerability of the JetBrains YouTrack project and task management software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2023-30969
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints...
CVE-2021-35979
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication...
CVE-2020-5910
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System NATS messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized...
CVE-2025-20242
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...
Novel-Plus 访问控制错误漏洞
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. Novel-Plus has an access control error vulnerability that stems from a lack of authentication...
CVE-2025-24924
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...
Netgear C7800 安全漏洞
The NETGEAR C7800 is a wireless router from NETGEAR. A security vulnerability exists in the Netgear C7800 that stems from a lack of basic authentication and transport security, which could allow credentials to be stolen via a man-in-the-middle attack...
NVIDIA Base Command Manager 安全漏洞
NVIDIA Base Command Manager is a base command manager from NVIDIA Corporation. A security vulnerability exists in NVIDIA Base Command Manager that stems from a lack of authentication, successful exploitation of which could lead to code execution, denial of service, privilege escalation, informati...
The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the lack of authentication procedures, which allows a perpetrator to execute arbitrary codes or commands.
The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or scripts by sending specially crafted HTTP requests o...
The vulnerability of the HTTP service of DJI Mavic Mini 3 Pro microprogramming software allows a intruder to gain unauthorized access to protected information.
The vulnerability of the HTTP service in DJI Mavic Mini 3 Pro microprogrammed software systems is related to the absence of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability in the Dapr Dashboard’s web interface relates to the lack of authentication for critical functions, allowing attackers to influence the confidentiality of protected information.
The vulnerability in the Dapr Dashboard’s web interface is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to influence the confidentiality of the protected information...
PT-2023-9595
Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 9.0.0 and prior Description The issue is related to a lack of authentication for a critical function in the Connector/Python component of MySQL Connectors, allowing a low-privileged attacker with network access via...
Vulnerability of the qsmremove_file_fd_question function in the Quiz And Survey Master plugin of the WordPress content management system, allowing a user to delete any files they want.
Vulnerability of the qsmremovefilefdquestion function in the Quiz And Survey Master plugin of the WordPress content management system: This vulnerability is related to the lack of authentication checks for a critical function. Exploiting this vulnerability could allow an attacker to remotely dele...
The vulnerability of Git servers in Soft Serve mode, related to the absence of authentication procedures, allows attackers to bypass the authentication process.
The vulnerability of Git servers in Soft Serve mode is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...
The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions, allowing attackers to circumvent established security restrictions.
The vulnerability of the Apache ShenYu software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to circumvent established security restrictions remotely...
HCL Software HCL Domino 安全漏洞
HCL Software HCL Domino is an application software from India HCL Software. It provides a platform for application development. HCL Software HCL Domino has a security vulnerability that arises from a lack of security measures such as authentication, access control, and privilege management in a...
The vulnerability of the Cisco Application Services Engine software’s key storage mechanism lies in the lack of authentication for critical functions. This allows attackers to gain access to certain services on vulnerable devices.
The vulnerability of the Cisco Application Services Engine software’s key storage mechanism is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to gain access to a specific service on a vulnerable device...
The vulnerability of the Java RMI voice portal interface of Cisco Unified Customer Voice Portal allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Java RMI voice portal of Cisco Unified Customer Voice Portal is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...