2931 matches found
CVE-2020-9143
There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure...
CVE-2019-10941
A vulnerability has been identified in SINEMA Server All versions V14 SP3. Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
CVE-2025-36535 AutomationDirect MB-Gateway Missing Authentication for Critical Function
The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality...
CVE-2025-36535 AutomationDirect MB-Gateway Missing Authentication for Critical Function
The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality...
CVE-2025-27803
The CVE-2025-27803 issue affects eCharge Hardy Barth cPH2 / cPP2 charging stations, where the web interface and MQTT server lack authentication. The underlying root cause is an absence of authentication mechanisms, enabling an attacker with network access to gain administrative control and potent...
CVE-2025-27803 Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access ...
Local Privilege Escalation
github.com/redhatinsights/yggdrasil is vulnerable to local privilege escalation. The vulnerability is due to missing authentication and authorization checks on a DBus method that dispatches messages to worker processes, allowing any local user to trigger privileged package management actions...
Missing Authentication for Critical Function
Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private...
📄 HP Sure Access Enterprise / Sure Click Enterprise Missing Authentication
SEC Consult conducted penetration tests on Sure Access in 2022 and on Sure Click in 2023 and established a contact with HP afterwards. After several rounds of emails and meetings with the product development team, the scope and limitations of Sure Access and Sure Click were made clear. This...
CVE-2025-0132
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit this issue...
Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'
Overview Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. OS command injection CWE-78 Affected when 'Remote Link3 function' is enabled CVE-2025-32002 Missing authentication for critical function CWE-306 CVE-2025-32738 Chuya Hayakawa an...
CVE-2025-32738
Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings...
CVE-2025-32738
CVE-2025-32738 affects I-O DATA HDL-T Series network-attached HDDs with firmware versions 1.21 and earlier. The flaw is a missing authentication for a critical function, enabling a remote unauthenticated attacker to change product settings. Public sources (JVNDB/Red Hat/US CVE feeds) confirm the ...
CVE-2025-32738
Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings...
CVE-2025-32738
Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings...
CVE-2025-0132
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit this issue...
CVE-2025-0132
CVE-2025-0132 affects Palo Alto Networks Cortex XDR Broker VM, exposing a missing authentication flaw that allows an unauthenticated attacker with network access to disable certain internal services on the Broker VM. The CVE is documented with a CVSS 4.0 base vector (AV:N/AC:L/PR:N/UI:N/SI:N/VI:L...
CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit this issue...
CVE-2025-4560
The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. These functions include viewing the administrator list, viewing and editing IP settings, and uploading files...