PT-2025-51125

CVE-2025-67693 - Apache Apache HTTP Server Missing Authentication for Configuration CVE ID : CVE-2025-67693 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

SAP NetWeaver AS Missing Authentication (December 2025)

The version of SAP NetWeaver Application Server detected on the remote host is affected by a missing authentication vulnerability as disclosed in the SAP Security Patch Day December 2025: - The SAP Internet Communication Framework does not conduct any authentication checks for features that need...

CVE-2025-13607 D-Link CCTV camera model DCS-F5614-L1 Missing Authentication for Critical Function

A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL...

Exploit for Missing Authentication for Critical Function in Langflow

Langflow RCE Exploit - CVE-2025-3248 ⚠️ Disclaimer...

PT-2025-50297

Name of the Vulnerable Software and Affected Versions PipesHub versions prior to 0.1.0-beta Description PipesHub is a workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta have a missing authentication check on the POST /api/v1/record/buffer/convert...

CVE-2025-59516

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-59516

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

EUVD-2025-202233

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

Windows Storage VSP Driver Elevation of Privilege Vulnerability

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

PT-2025-50152

Name of the Vulnerable Software and Affected Versions Windows Storage VSP Driver affected versions not specified Description A security issue exists in the Windows Storage VSP Driver that allows a local attacker to gain elevated privileges. The problem stems from a lack of proper authentication f...

SAP Internet Communication Framework 访问控制错误漏洞

SAP Internet Communication Framework is an Internet communication architecture from SAP, Germany. An access control error vulnerability exists in SAP Internet Communication Framework, which stems from a lack of authentication checks that could lead to the reuse of authorization tokens...

CVE-2025-13313

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

CVE-2025-66555

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...

EUVD-2025-201279

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...

CVE-2025-66555

AirKeyboard iOS App 1.0.5 is vulnerable due to missing authentication, enabling unauthenticated remote keystroke injection in real time and full input control on the victim device. Root cause: lack of authentication; impact includes arbitrary input and potential data exposure. Exploitation detail...

CVE-2025-66555 AirKeyboard iOS App 1.0.5 - Remote Input Injection

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...