PT-2025-13207 · Ibm · Ibm Urbancode Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through 7.2.3.14 IBM UrbanCode Deploy versions 7.3 through 7.3.2.0 IBM DevOps Deploy versions 8.0 through...

PT-2025-13204 · Ibm · Ibm Devops Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.1 through 7.1.2.22 IBM UrbanCode Deploy versions 7.2 through 7.2.3.15 IBM UrbanCode Deploy versions 7.3 through 7.3.2.10 IBM DevOps Deploy versions 8.0 through 8.0.1.5 IBM DevOps Deploy versions 8.1 through...

Multiple vulnerabilities in AssetView

Overview AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201 - CVE-2025-27244 Takao Kondo of VeriServe Corporation...

CVE-2024-45483

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...

CVE-2024-45483 Missing GRUB password in B&R APROL

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...

JVN#26321838: Multiple vulnerabilities in AssetView

AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Base Score 8.2 CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201...

CVE-2024-9919

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication. Remediation Upgrade...

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation Upgrade...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation Upgrade...

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/v8/channels/web is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce...

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the api/v1/utils/pdf endpoint. An attacker can exhaust server resources and cause a denial of service by sending a POST request with an excessively large...

Missing Critical Step in Authentication

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to a missing checkaccess call in the installbinding function. An attacker can add, modify, and remove bindings by accessing the...

CVE-2024-9919

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...

CVE-2024-9919

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...

CVE-2024-8196 Missing Authentication for Critical Function in mintplex-labs/anything-llm

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace...

CVE-2024-8196 Missing Authentication for Critical Function in mintplex-labs/anything-llm

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace...

CVE-2024-9919 Missing Authentication Check in parisneo/lollms-webui

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...

CVE-2024-9919 Missing Authentication Check in parisneo/lollms-webui

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...