2931 matches found
CVE-2024-1662
Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02...
CVE-2024-0336
Missing Authentication for Critical Function vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDKS: from V3.04 before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2024-36388
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...
CVE-2024-36388
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...
CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...
CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...
Missing Authentication
jupyter-scheduler is vulnerable to Missing Authentication. The vulnerability is due to a missing authentication check on the /scheduler/runtimeenvironments API endpoint, allowing unauthenticated users to obtain the list of Conda environment names on the server...
CVE-2024-3761
In lunary-ai/lunary, version 1.2.2 contains an unauthorized deletion vulnerability on the DELETE endpoint at packages/backend/src/api/v1/datasets due to missing authorization/authentication. This allows any user (no token required) to delete a dataset, potentially causing data loss or service dis...
Lunary 安全漏洞
lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary, which stems from a lack of authorization and authentication mechanisms, and can be exploited by an attacker to delete a dataset by sending a DELETE request to an endpoint...
PT-2024-27674 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.7 Description: The issue is related to the DELETE endpoint located at packages/backend/src/api/v1/datasets, which is vulnerable to unauthorized dataset deletion due to missing authorization and...
CyberPower Power Device Network Utility Missing Authentication (CVE-2024-32735)
Binary data cyberpowerpdnucve-2024-32735.nbin...
CVE-2023-5935 Missing authentication for local web interface in Arc before v1.6.0
When configuring Arc e.g. during the first setup, a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of...
CVE-2024-32735
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
Siemens RUGGEDCOM CROSSBOW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-32735 CyberPower PowerPanel Enterprise Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
CVE-2024-32735 CyberPower PowerPanel Enterprise Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
CVE-2023-51587
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerabilit...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-42121
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...