2931 matches found
CVE-2024-32764
Summary: CVE-2024-32764 affects QNAP’s myQNAPcloud Link. The issue is a missing authentication for a critical function accessible over the network, potentially allowing a user with existing functional privileges to exploit it. Affected product/version: myQNAPcloud Link prior to 2.4.51 (vulnerable...
CVE-2024-32764 myQNAPcloud Link
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...
PT-2024-24836
Name of the Vulnerable Software and Affected Versions: myQNAPcloud Link versions prior to 2.4.51 Description: A missing authentication for critical function vulnerability has been reported. If exploited, the vulnerability could allow users with the privilege level of some functionality via a networ...
CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...
CVE-2024-30391
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device...
A vulnerability in the proxy server of the Apache Pulsar cloud messaging and streaming platform allows attackers to expose sensitive information and cause service failures.
The vulnerability in the proxy server of the Apache Pulsar cloud messaging and streaming platform stems from a lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker to disclose protected information and cause service failures...
CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend
Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to a Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send an HTTP reques...
CVE-2024-31218
CVE-2024-31218 affects Webhood backend up to version 0.9.0, where the Pocketbase admin API can be invoked unauthenticated to create an admin account when none exists. The issue arises from Missing Authentication for a Critical Function and makes deployments vulnerable unless an admin account alre...
Missing Authentication
apacheairflow is vulnerable to Missing Authentication. The vulnerability, due to a lack of authentication enforcement on the lineage endpoint of the deprecated Experimental API, allows unauthenticated users to access the endpoint, potentially exposing metadata about a Directed Acyclic Graph (DAG) and...
CVE-2024-22247
CVE-2024-22247 — VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access during activation could potentially access BIOS configuration and exploit the default boot priority. The issue is documented with a moderate base sc...
CVE-2024-22247
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...
CVE-2023-6949
A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...
CVE-2023-6949
CVE-2023-6949 affects the HTTP service on DJI Mavic Mini 3 Pro. A Missing Authentication for Critical Function vulnerability on port 80 allows an attacker to enumerate and download videos and pictures stored in drone memory without authentication. Connected sources corroborate the issue and ident...
PT-2024-3861 · VMware · VMware SD-WAN Edge
Name of the Vulnerable Software and Affected Versions: VMware SD-WAN Edge (affected versions not specified) Description: The issue is related to a missing authentication and protection mechanism in the VMware SD-WAN Edge appliance. A malicious actor with physical access to the appliance during...
CVE-2023-51571 Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...
PT-2024-2606 · DJI · DJI Mavic Mini 3 Pro
Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro (affected versions not specified) Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...
WordPress Plugin Word Replacer Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Simple JWT Security Vulnerability
Simple JWT is Jazzband's open source JSON Web Token authentication plugin for Django REST Framework. Simple JWT version 5.3.1 and earlier versions have a security vulnerability; the vulnerability stems from the lack of user authentication checks through the foruser method. An attacker can explo...
CVE-2024-25995
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform a DoS due to improper input validation...