2914 matches found
CVE-2023-7329
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
CVE-2025-42885
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
CVE-2025-42885
CVE-2025-42885 concerns SAP HANA 2.0 (hdbrss), where missing authentication lets an unauthenticated attacker call a remote-enabled function to view information. This is a network-based issue with low confidentiality impact and no impact on integrity or availability, and has a CVSS3.1 base score o...
CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
PT-2025-46226
Name of the Vulnerable Software and Affected Versions SAP HANA version 2.0 Description SAP HANA 2.0 hdbrss is affected by a missing authentication mechanism. This allows an unauthenticated attacker to call a remote-enabled function and view information. The issue has a low impact on...
SourceCodester Client Database Management System 安全漏洞
SourceCodester Client Database Management System is an open source client database management system from SourceCodester. A security vulnerability exists in the SourceCodester Client Database Management System version 1.0, which stems from a lack of authentication and authorization checks and...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
CVE-2025-3243...
Lexmark Printers Missing Authentication for Critical Function (CVE-2019-9934)
Various Lexmark products have an Incorrect Access Control vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503870; scriptversion"1.2...
Lexmark Printers Missing Authentication for Critical Function (CVE-2019-9935)
Various Lexmark products have an Incorrect Access Control vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503853; scriptversion"1.2...
CVE-2025-12108
The CVE-2025-12108 instance affects the Survision LPR Camera system, where authentication is not enforced by default, allowing access to the configuration wizard without login credentials. Affected component: the device’s access/configuration flow (license plate recognition camera system). Impact...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...
CVE-2025-61956
Radiometrics VizAir is affected by a lack of authentication for critical functions (admin panel and REST API). This could allow an unauthenticated attacker to modify configurations and weather data, potentially manipulating active runway settings, misleading air traffic control and pilots, and ca...
CVE-2025-61956 Missing Authentication for Critical Function in Radiometrics VizAir
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...
CVE-2025-61945
Radiometrics VizAir is affected by a missing authentication for critical functions vulnerability: an unauthenticated remote attacker can access the admin panel and modify key weather parameters (wind shear alerts, inversion depth, CAPE) and potentially disable alerts or alter runway settings. Mul...
CVE-2025-47357
CVE-2025-47357 describes an information-disclosure vulnerability in Qualcomm chipsets where a user-level driver can perform QFPROM read or write operations on fuse regions. The root cause is consistently described as an access-control/authorization issue that allows local (user-level) operations ...