Lucene search
K

2973 matches found

CVE
CVE
added 2025/02/13 9:29 p.m.116 views

CVE-2025-24865

The CVE-2025-24865 entry concerns mySCADA myPRO Manager where the administrative web interface can be accessed without authentication. The connected documents describe that this could let an attacker retrieve sensitive information and upload files without credentials, and the PT-2025-7040 entry a...

10CVSS9.6AI score0.06818EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/13 9:29 p.m.14 views

CVE-2025-24865 mySCADA myPRO Manager Missing Authentication for Critical Function

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...

10CVSS9.6AI score0.06818EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/13 1:2 a.m.22 views

CVE-2025-0896 Orthanc Server Missing Authentication for Critical Function

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

9.8CVSS0.02376EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/13 1:2 a.m.6 views

CVE-2025-0896 Orthanc Server Missing Authentication for Critical Function

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

9.8CVSS7.2AI score0.02376EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

7.5CVSS5.8AI score0.00517EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.13 views

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

7.5CVSS0.00517EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

7.5CVSS5.9AI score0.00517EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.7 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

9.1CVSS5.8AI score0.00786EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26360

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...

5.3CVSS5.8AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.4 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8CVSS5.8AI score0.00855EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.32 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8CVSS0.00855EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.23 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

9.1CVSS0.00786EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26347

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...

9.8CVSS0.01029EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.4 views

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...

9.8CVSS5.8AI score0.01029EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.4 views

CVE-2025-26347

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...

9.8CVSS5.8AI score0.01029EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26345

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...

9.8CVSS5.8AI score0.01029EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...

9.8CVSS0.01029EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26345

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...

9.8CVSS0.01029EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.4 views

CVE-2025-26341

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests...

9.8CVSS5.9AI score0.01029EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26342

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...

9.8CVSS5.9AI score0.01029EPSS
Exploits0References1
Rows per page
Query Builder