2966 matches found
The vulnerability of the proxy server of the cloud messaging and Apache Pulsar streaming platform allows attackers to expose sensitive information and cause service failures.
The vulnerability of a cloud messaging and Apache Pulsar streaming service’s proxy server lies in the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker to disclose protected information and cause service failures...
CVE-2024-31218
CVE-2024-31218 affects Webhood backend up to version 0.9.0, where the Pocketbase admin API can be invoked unauthenticated to create an admin account when none exists. The issue arises from Missing Authentication for a Critical Function and makes deployments vulnerable unless an admin account alre...
CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend
Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...
Missing Authentication
apacheairflow is vulnerable to Missing Authentication. The vulnerability due to lack of authentication enforcement on the lineage endpoint of the deprecated Experimental API, allows unauthenticated users to access the endpoint, potentially exposing metadata about a Directed Acyclic Graph DAG and...
CVE-2024-22247
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...
CVE-2024-22247
CVE-2024-22247 — VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access during activation could potentially access BIOS configuration and exploit the default boot priority. The issue is documented with a moderate base sc...
CVE-2023-6949
A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...
CVE-2023-6949
CVE-2023-6949 affects the HTTP service on DJI Mavic Mini 3 Pro. A Missing Authentication for Critical Function vulnerability on port 80 allows an attacker to enumerate and download videos and pictures stored in drone memory without authentication. Connected sources corroborate the issue and ident...
PT-2024-3861 · Vmware · Vmware Sd-Wan Edge
Name of the Vulnerable Software and Affected Versions: VMware SD-WAN Edge affected versions not specified Description: The issue is related to a missing authentication and protection mechanism in the VMware SD-WAN Edge appliance. A malicious actor with physical access to the appliance during...
CVE-2023-51571 Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...
CVE-2023-51571 Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...
PT-2024-2606 · Dji · Dji Mavic Mini 3 Pro
Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro affected versions not specified Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...
WordPress Plugin Word Replacer Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Simple JWT Security Vulnerability
Simple JWT is Jazzband open source a JSON Web Token authentication plugin for Django REST Framework. Simple JWT version 5.3.1 and earlier versions have a security vulnerability , the vulnerability stems from the lack of user authentication checks through the foruser method . An attacker can explo...
CVE-2024-25995
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...
CVE-2024-25995
CVE-2024-25995 involves PHOENIX CONTACT CHARX SEC-3000 (CHARX Series) AC charge controllers. The root cause is an input-validation/authentication flaw in critical functions, allowing an unauthenticated attacker to modify configurations and trigger remote code execution. Affected product versions ...
CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...
CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...
TPC-110W Missing Authentication
include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...
TPC-110W - Missing Authentication for Critical Function
include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...