CVE-2025-4018 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication

A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads t...

CVE-2025-4018

Summary of CVE-2025-4018 (Novel-Plus) : A critical vulnerability affects Novel-Plus versions up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160, specifically the function addCrawlSource in novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The root issue is a missing authent...

CVE-2025-4015

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missin...

CVE-2025-4015 20120630 Novel-Plus SessionController.java list missing authentication

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missin...

CVE-2025-4015 20120630 Novel-Plus SessionController.java list missing authentication

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missin...

CVE-2025-4015

CVE-2025-4015 affects Novel-Plus versions 20120630 through 0e156c04b4b7ce0563bef6c97af4476fcda8f160. The root cause is an access control error in the function list of SessionController.java, causing missing authentication and enabling remote exploitation. Public exploit disclosure has occurred. A...

PT-2025-18060 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 20120630 through 0e156c04b4b7ce0563bef6c97af4476fcda8f160 Description: A critical issue has been found that affects the function list of the file...

PT-2025-18063 · Unknown · 20120630 Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 20120630 up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 Description: A critical vulnerability has been found in Novel-Plus, affecting the function addCrawlSource of the file...

CVE-2025-46275

WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials...

CVE-2025-46275 Planet Technology Network Products Missing Authentication for Critical Function

WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials...

CVE-2025-46275 Planet Technology Network Products Missing Authentication for Critical Function

WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials...

GO-2025-3620 Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server

Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server...

CVE-2025-32377

CVE-2025-32377 involves Rasa Pro voice connectors that fail to enforce authentication even when a token is configured in credentials.yml. The issue allows submitting voice data from unauthenticated sources via affected connectors. The fixed releases apply to audiocodes, audiocodes_stream, and gen...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

Working PoC for CVE-2025-32433 !ca...

Missing Authentication for Critical Function

Overview rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the voice connector APIs fo...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function over the PUT /api/v4/users/user-id/mfa endpoint. This allows a user with editotherusers permission to activate or deactivate multi-factor authentication for other users. Remediation Upgrade...

GHSA-J5JW-M2PH-3JJF Mattermost Missing Authentication for Critical Function

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...

CVE-2025-2567 Lantronix Xport Missing Authentication for Critical Function

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation...

PT-2025-17864 · Unknown · Wgs-4215-8T2S +1

Name of the Vulnerable Software and Affected Versions: WGS-80HPT-V2 affected versions not specified WGS-4215-8T2S affected versions not specified Description: The issue is related to missing authentication in the affected devices, which could allow an attacker to create an administrator account...

VulnCheck KEV: CVE-2025-3248

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests...