2931 matches found
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-32433link is external Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability CVE-2024-42009link is external RoundCube...
CVE-2025-5871
A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-5872
A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-5872 eGauge EG3000 Energy Monitor Setting missing authentication
A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-5872
Affected product: eGauge EG3000 Energy Monitor, version 3.6.3. Vulnerability: in the Setting Handler component, a lack of authentication allows remote exploitation. The issue is publicly disclosed and exploitable remotely; vendor response is not indicated in the sources. Exploitation status: proo...
CVE-2025-5872 eGauge EG3000 Energy Monitor Setting missing authentication
A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-5871 Papendorf SOL Connect Center Web Interface missing authentication
A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-5871 Papendorf SOL Connect Center Web Interface missing authentication
A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-5871
The CVE-2025-5871 entry concerns Papendorf SOL Connect Center 3.3.0.0. The vulnerability affects the Web Interface component, with a missing/authentication-bypass flaw that allows remote access. Exploitation is described as remotely executable and the exploit has been disclosed publicly. Public d...
VulnCheck KEV: CVE-2025-32433
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution RCE. By exploiting a flaw in how SSH protocol...
PT-2025-24417 · Unknown · Papendorf Sol Connect Center
Name of the Vulnerable Software and Affected Versions: Papendorf SOL Connect Center version 3.3.0.0 Description: A vulnerability was found in the Web Interface component, leading to missing authentication. This issue can be exploited remotely. The exploit has been disclosed to the public...
PT-2025-24418 · Egauge · Egauge Eg3000 Energy Monitor
Name of the Vulnerable Software and Affected Versions: eGauge EG3000 Energy Monitor version 3.6.3 Description: A problematic issue was found in the Setting Handler component, leading to missing authentication. This can be exploited remotely. The exploit has been disclosed publicly. Recommendation...
PT-2025-24547 · Lablup · Lablup'S Backendai
Name of the Vulnerable Software and Affected Versions: Lablup's BackendAI affected versions not specified Description: The issue concerns a missing authentication mechanism in the registration feature, allowing arbitrary users to create accounts that can access private data, even when registratio...
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution RCE. By exploiting a flaw in how SSH protocol...
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. This issue affects Quantenna Wi-Fi chipset through versi...
CVE-2025-3461
The CVE-2025-3461 entry concerns Quantenna Wi‑Fi chipsets with an unauthenticated telnet interface enabled by default (CWE-306: Missing Authentication for Critical Function). Affected product: Quantenna Wi‑Fi chipset through SDK version 8.0.0.28. Reported impact: potential unauthorized access via...
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N...
CVE-2025-5192
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions...
CVE-2025-5192
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions...
CVE-2025-22252
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin...