2931 matches found
CVE-2025-25224
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
CVE-2025-25224
The CVE-2025-25224 entry concerns LuxCal Web Calendar prior to 5.3.3M (MySQL) and 5.3.3L (SQLite), where dloader.php has a missing authentication vulnerability that can allow arbitrary server file disclosure. Affected product is LuxCal Web Calendar; root cause is missing access control in dloader...
Multiple vulnerabilities in The LuxCal Web Calendar
Overview The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 - CVE-2025-25221 SQL injection in retrieve.php CWE-89 - CVE-2025-25222 Path traversal in dloader.php CWE-22 - CVE-2025-25223 Missing authentication in dloader.php...
JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar
The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...
PT-2025-7064 · Unknown · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M MySQL version LuxCal Web Calendar versions prior to 5.3.3L SQLite version Description: The issue concerns a missing authentication vulnerability in the dloader.php file. This vulnerability can be...
The vulnerability in the web interface of the mySCADA myPRO Manager platform allows a perpetrator to gain unauthorized access to the software.
The vulnerability in the web interface of the mySCADA myPRO Manager control platform is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the software...
CVE-2025-26347
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...
CVE-2025-26345
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...
CVE-2025-26364
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...
CVE-2025-26342
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...
CVE-2025-26344
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26339
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP...
Multiple vulnerabilities in NEC Aterm series (NV25-003)
Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2025-0354 Missing Authentication for Critical Function CWE-306 - CVE-2025-0355 OS Command Injection CWE-78 - CVE-2025-0356 CVE-2025-0354, CVE-2025-0355...
JVN#65447879: Multiple vulnerabilities in NEC Aterm series (NV25-003)
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score 4.8 CVE-2025-0354 Missing Authentication for Critical Function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
CVE-2025-24865 mySCADA myPRO Manager Missing Authentication for Critical Function
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...
CVE-2025-24865
The CVE-2025-24865 entry concerns mySCADA myPRO Manager where the administrative web interface can be accessed without authentication. The connected documents describe that this could let an attacker retrieve sensitive information and upload files without credentials, and the PT-2025-7040 entry a...