EUVD-2025-205373

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

CVE-2025-66377

CVE-2025-66377 affects Pexip Infinity prior to 39.0. A missing authentication for a critical function in a product-internal API allows an attacker who already has code execution on one node to impact the operation of other nodes in the installation. This is not listed as exploitable in the provid...

CVE-2025-3232 Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...

Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

CVE-2025-12049

CVE-2025-12049 affects Sharp Display Solutions Media Player MP-01. The connected documents identify a Missing Authentication for Critical Function (CWE-306) vulnerability that allows an attacker to access the device’s web interface without authentication, change settings or perform other operatio...

EUVD-2025-204698

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

PT-2025-52632

Name of the Vulnerable Software and Affected Versions Sharp Display Solutions Media Player MP-01 affected versions not specified Description A critical issue exists in Sharp Display Solutions Media Player MP-01 where a missing authentication check for a critical function allows unauthorized acces...

EUVD-2024-55358

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2025-40815)

A vulnerability has been identified in - LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions - LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions - LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions - LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions - LOGO! 24CE 6ED1052-1CC08-0BA2 All versions - LOGO! 24CEo...

CVE-2025-34434

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/config endpoint. An attacker can access sensitive system configuration data by sending unauthenticated GET requests to this endpoint. Remediation Ther...

OpenPLC Runtime version 3 跨站请求伪造漏洞

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. OpenPLC Runtime version 3 suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF authentication, which could lead to a cross-site request forgery attack...

EUVD-2025-203098

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has...