2931 matches found

NVD
added 2025/10/13 5:15 a.m., 7 views

CVE-2025-11661

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public an...

9.8 CVSS, 0.00562 EPSS
Exploits 1, References 4
CVE
added 2025/10/13 4:32 a.m., 7 views

CVE-2025-11661

ProjectsAndPrograms School Management System is reported to have an authentication bypass vulnerability that can be exploited remotely. The flaw allows manipulation to bypass authentication, with the exploit publicly available and affecting versions prior to commit hash 6b6fae5426044f89c08d0dd101...

9.8 CVSS, 7 AI score, 0.00562 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/10/13 4:32 a.m., 8 views

CVE-2025-11661 ProjectsAndPrograms School Management System missing authentication

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public an...

7.5 CVSS, 0.00562 EPSS
Exploits 1, References 4
Vulnrichment
added 2025/10/13 4:32 a.m., 3 views

CVE-2025-11661 ProjectsAndPrograms School Management System missing authentication

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public an...

7.5 CVSS, 6.3 AI score, 0.00562 EPSS
Exploits 1, References 4
Positive Technologies
added 2025/10/13 12:00 a.m., 3 views

PT-2025-41771

Name of the Vulnerable Software and Affected Versions: Uniweb/SoliPACS WebServer developed by EBM Technologies, affected versions not specified. Description: A missing authentication issue exists in Uniweb/SoliPACS WebServer developed by EBM Technologies. This allows unauthenticated remote attackers ...

6.9 CVSS, 6.7 AI score, 0.00347 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/10/13 12:00 a.m., 3 views

PT-2025-41772

Name of the Vulnerable Software and Affected Versions: Uniweb/SoliPACS WebServer, affected versions not specified. Description: The Uniweb/SoliPACS WebServer developed by EBM Technologies has a missing authentication control. This allows unauthenticated remote attackers to access a specific...

6.9 CVSS, 6.7 AI score, 0.00347 EPSS
Exploits 0, References 5
CNVD
added 2025/10/13 12:00 a.m., 9 views

WordPress Chartify plugin Access Control Error Vulnerability

WordPress Chartify is a plugin for quickly building charts and graphs in your WordPress website, supporting both static and dynamic data visualization, compatible with 22 chart types including line charts, pie charts, bar charts, geographic charts and more. The WordPress Chartify plugin suffers...

5.3 CVSS, 7.1 AI score, 0.00331 EPSS
Exploits 3, References 1
CNNVD
added 2025/10/13 12:00 a.m., 3 views

Get Projects School Management System Access Control Error Vulnerability

Get Projects School Management System is an open source school management system software from Get Projects. An access control error vulnerability exists in Get Projects School Management System that stems from a lack of authentication and could lead to a remote attack...

9.8 CVSS, 7.6 AI score, 0.00562 EPSS
Exploits 1, References 4
GithubExploit
added 2025/10/11 5:53 p.m., 276 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

It is an offensive tool for web application exploitation. This r...

9.8 CVSS, 8.1 AI score, 0.50118 EPSS
Exploits 14
RedhatCVE
added 2025/10/10 6:27 p.m., 17 views

CVE-2025-11198

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5 CVSS, 6.8 AI score, 0.00261 EPSS
Exploits 0, References 1
EUVD
added 2025/10/09 6:30 p.m., 3 views

EUVD-2025-33403

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5 CVSS, 6.3 AI score, 0.00261 EPSS
Exploits 0, References 2
OSV
added 2025/10/09 4:15 p.m., 5 views

CVE-2025-11198

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5 CVSS, 5.8 AI score, 0.00261 EPSS
Exploits 0, References 1
Snyk
added 2025/10/09 3:40 p.m., 6 views

Missing Authentication for Critical Function

Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api-key plugin's create endpoints. An attacker can gain unauthorized access to any user's account by...

10 CVSS, 7.3 AI score, 0.18012 EPSS
Exploits 0, References 2
CVE
added 2025/10/09 3:39 p.m., 44 views

CVE-2025-11198

CVE-2025-11198 describes a Missing Authentication for Critical Function in Juniper Networks Security Director Policy Enforcer. An unauthenticated, network-based attacker can cause deployment of malicious vSRX images by replacing legitimate images when a trusted user initiates deployment; the atta...

8.5 CVSS, 6.4 AI score, 0.00261 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/10/09 3:39 p.m., 7 views

CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5 CVSS, 0.00261 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/10/09 6:21 a.m., 8 views

CVE-2025-11171

The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter,...

5.3 CVSS, 6.1 AI score, 0.00331 EPSS
Exploits 3, References 1
Cvelist
added 2025/10/09 3:02 a.m., 5 views

CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

7.5 CVSS, 0.00562 EPSS
Exploits 1, References 6
CVE
added 2025/10/09 3:02 a.m., 14 views

CVE-2025-11529

This CVE affects ChurchCRM up to version 5.18.0 in the API Endpoint’s AuthMiddleware (src/ChurchCRM/Slim/Middleware/AuthMiddleware.php). The vulnerability is an authentication bypass: the AuthMiddleware function allows missing authentication, enabling remote exploitation. Public exploits exist, a...

9.8 CVSS, 6.9 AI score, 0.00562 EPSS
Exploits 1, References 6, Affected Software 1
Positive Technologies
added 2025/10/09 12:00 a.m., 4 views

PT-2025-41398

Name of the Vulnerable Software and Affected Versions: Juniper Networks Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3. Description: A missing authentication check for a critical function in Juniper Networks Security Director Policy Enforcer allows an unauthenticated,...

8.5 CVSS, 6.8 AI score, 0.00261 EPSS
Exploits 0, References 7
CVE
added 2025/10/08 5:24 a.m., 24 views

CVE-2025-11171

CVE-2025-11171 affects the Chartify – WordPress Chart Plugin (up to version 3.5.9). A Missing Authentication for a Critical Function vulnerability arises from an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter without nonce or capability checks. Thi...

5.3 CVSS, 5.8 AI score, 0.00331 EPSS
Exploits 3, References 5