2931 matches found
CVE-2024-9919
The CVE-2024-9919 issue affects parisneo/lollms-webui version 13, specifically the uninstall endpoint. A missing authentication check in /uninstall/{app_name} means the server does not call check_access() to verify client_id, allowing unauthorized directory deletions. The vulnerability is describ...
Tripp Lite SU750XL UPS Privilege Escalation / Missing Authentication
Tripp Lite SU750XL UPS suffers from multiple privilege escalation issues due to missing authentication. Although these issues were previously found on PDUs back in 2019, it appears the UPSes are also affected. Author: Lucas Lalumiere Contact: [email protected] Date: 2025-3-17 Vendor: Tripp Li...
CVE-2024-50630
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors...
CVE-2024-50630
Synology Drive Server’s webapi component has a missing authentication issue that allows remote attackers to obtain administrator credentials. Affected versions are before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102. The vulnerability is defined as a missing-authentication for a critical...
CVE-2025-2344
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The...
CVE-2025-2344 IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The...
CVE-2025-2344
CVE-2025-2344 affects IROAD Dash Cam X5 and X6, where an API Endpoint with missing authentication (access control error) enables remote exploitation. Public descriptions consistently note a critical classification and remote abuse potential, but do not provide concrete remediation details in the ...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
SAP NetWeaver Enterprise Portal OBN does not perform a proper authentication check for a particular configuration setting. As a result, a non-authenticated user can set it to an undesired value, causing low impact on integrity. There is no impact on confidentiality or availability of the application...
CVE-2025-27256
CVE-2025-27256 concerns a Missing Authentication for Critical Function vulnerability in the GE Vernova Enervista UR Setup application. The issue is described as an authentication bypass caused by a missing SSH server authentication, which could allow an attacker with an unauthenticated client con...
Unauthorized Account Takeover
oxidized-web is vulnerable to Unauthorized Account takeover. The vulnerability is due to missing authentication in the RANCID migration page, allowing an unauthenticated user to gain control over the Linux user account running oxidized-web...
Netsweeper Security Vulnerability
Netsweeper is a web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper v.8.2.6 and prior versions that stems from a lack of server-side authentication in the account management interface, which could lead to unauthorized reassignment of account...
CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...
PT-2025-27628 · Gfi · Gfi Kerio Control
Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5 Description: A missing authentication vulnerability in the GFIAgent component allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service exposes HTTP services on ports 7995 a...
CVE-2025-25224
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
Microsoft Bing Remote Code Execution Vulnerability
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network...