2936 matches found
CVE-2025-30410
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 39870, Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938, Acronis Cyber Protect 15 Linux, macOS,...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the POST /api/v2/dag-runs endpoint, which accepts and executes inline YAML specifications without authentication in the default configuration. An attacker can execute arbitrary commands o...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the POST /api/v2/dag-runs endpoint, which accepts and executes inline YAML specifications without authentication in the default configuration. An attacker can execute arbitrary commands o...
CVE-2025-8350
Technical details about CVE-2025-8350 are not publicly available in the supplied documents; no concrete exploit, patch, or vendor details are provided here. Monitor for updates.
CVE-2026-2284
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'necleandata' AJAX action. This makes it possible for authenticated attackers,...
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations e.g.,adding records, deleting records via direct HTTP requests to affected endpoints without a...
CVE-2025-70147
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...
CVE-2025-70150
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...
PT-2026-20804
Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...
CVE-2025-70148
Missing authentication and authorization in printmembershipcard.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference...
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication when starting sandbox browser bridge server. An attacker can gain unauthorized access to browser control...
CVE-2025-70147
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations e.g.,adding records, deleting records via direct HTTP requests to affected endpoints without a...
CVE-2025-7706
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...
Missing Authentication for Critical Function
Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the tunnel.allowNgrokFreeTierLoopbackBypass configuration option in the webhook authentication. An attacker can trigger unauthorized...
Code-Projects Community Project Scholars Tracking System 安全漏洞
The Code-Projects Community Project Scholars Tracking System is an open-source community project for scholar tracking systems developed by Code-Projects. Version 1.0 of the Code-Projects Community Project Scholars Tracking System contains security vulnerabilities. These vulnerabilities stem from...
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations e.g.,adding records, deleting records via direct HTTP requests to affected endpoints without a...
CVE-2025-70147
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations e.g.,adding records, deleting records via direct HTTP requests to affected endpoints without a...
CVE-2025-70150
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...