2931 matches found
Exploit for Missing Authentication for Critical Function in Erlang Erlang/OTP
CVE-2025-32433 – Erlang/OTP SSH RCE Vulnerability 📌 Summary...
CVE-2023-7308
CVE-2023-7308 affects NSFOCUS SecGate3600. Affected component is the /cgi-bin/authUser/authManageSet.cgi endpoint, where authentication checks are not enforced on POST requests, allowing unauthenticated remote access to sensitive data (user identifiers, configuration details). Exploitation eviden...
CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...
CVE-2025-30040 Missing authentication in API returning request logs containing session IDs
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...
CVE-2025-30039 Missing authentication in API returning a list of all active sessions
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges...
CVE-2025-30037 Missing authentication in APIs allowing data retrieval and modification
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp...
CVE-2025-9254
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality...
CVE-2025-8611
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8610
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-9254
CVE-2025-9254 concerns WebITR by Uniong with a missing authentication vulnerability that allows unauthenticated remote attackers to log in as arbitrary users by exploiting a specific functionality. Multiple sources (Red Hat, NVD, CVE lists) describe an unauthenticated access/control issue; the ex...
CVE-2025-9254 Uniong|WebITR - Missing Authentication
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality...
PT-2025-34341 · Uniong · Webitr
Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified). Description: WebITR developed by Uniong suffers from a missing authentication issue. This allows unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specif...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the POST /api/v4/teams/:teamId/restore endpoint. An attacker can access sensitive team invite information by sending crafted requests to this endpoint without proper privileges. Remediati...