2959 matches found
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...
PT-2025-47027
Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The Lynx+ Gateway embedded web server lacks essential authentication. This allows an attacker to send GET requests and potentially obtain sensitive device...
NVIDIA AIStore AuthN users Missing Authentication for Critical Function Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA AIStore. Authentication is not required to exploit this vulnerability. The specific flaw exists within the users endpoint. The issue results from the lack of authentication prior to...
CVE-2023-7329
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
CVE-2023-7329
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
CVE-2025-42885
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
CVE-2025-42885
CVE-2025-42885 concerns SAP HANA 2.0 (hdbrss), where missing authentication lets an unauthenticated attacker call a remote-enabled function to view information. This is a network-based issue with low confidentiality impact and no impact on integrity or availability, and has a CVSS3.1 base score o...
PT-2025-46226
Name of the Vulnerable Software and Affected Versions SAP HANA version 2.0 Description SAP HANA 2.0 hdbrss is affected by a missing authentication mechanism. This allows an unauthenticated attacker to call a remote-enabled function and view information. The issue has a low impact on...
SourceCodester Client Database Management System 安全漏洞
SourceCodester Client Database Management System is an open source client database management system from SourceCodester. A security vulnerability exists in the SourceCodester Client Database Management System version 1.0, which stems from a lack of authentication and authorization checks and...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
CVE-2025-3243...
Lexmark Printers Missing Authentication for Critical Function (CVE-2019-9934)
Various Lexmark products have an Incorrect Access Control vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503870; scriptversion"1.2...
Lexmark Printers Missing Authentication for Critical Function (CVE-2019-9935)
Various Lexmark products have an Incorrect Access Control vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503853; scriptversion"1.2...
CVE-2025-12108
The CVE-2025-12108 instance affects the Survision LPR Camera system, where authentication is not enforced by default, allowing access to the configuration wizard without login credentials. Affected component: the device’s access/configuration flow (license plate recognition camera system). Impact...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...