2931 matches found
CVE-2025-8723
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27214
The CVE-2025-27214 entry concerns UniFi Connect EV Station Pro (versions up to 1.5.18) where a Missing Authentication for Critical Function vulnerability could allow a nearby or physically present attacker to trigger an unauthorized factory reset. The core issue is lack of authentication for crit...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
PT-2025-34173 · Ubiquiti · Unifi Connect Ev Station Pro
Name of the Vulnerable Software and Affected Versions: UniFi Connect EV Station Pro versions 1.5.18 and earlier Description: A missing authentication check for critical functions in UniFi Connect EV Station Pro could allow an attacker with physical or adjacent access to perform an unauthorized...
CVE-2025-8611
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8610
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8611
CVE-2025-8611 affects AOMEI Cyber Backup. The flaw is in the DaoService (listening on TCP 9074) where missing authentication allows remote code execution with SYSTEM privileges. Exploitation is possible without authentication, per ZDI-CAN-26158; |CVSSv3.0 base score 9.8|, attack vector NETWORK, h...
CVE-2025-8611 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8611 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8610
CVE-2025-8610 concerns AOMEI Cyber Backup. The flaw is a missing authentication in the StorageNode service (listening on TCP 9075 by default) that allows remote code execution in the SYSTEM context. This is a network-accessible vulnerability with high impact (confidentiality, integrity, and avail...
CVE-2025-8610 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8610 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
Tenda AC6 V5.0 missing initial setup authentication vulnerability
Talos Vulnerability Report TALOS-2025-2163 Tenda AC6 V5.0 missing initial setup authentication vulnerability August 20, 2025 CVE Number CVE-2025-24322 SUMMARY An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...
📄 Piciorgros TMO-100 Configuration Change
Piciorgros TMO-100 allows for an unauthorized configuration change via TFTP. This issue affects versions prior to 4.20. Classification -------------- - CWE-306: Missing Authentication for Critical Function - CWE-940: Improper Verification of Source of a Communication Channel - CWE-200: Exposure o...
GO-2025-3875 Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence...
GO-2025-3865 Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence...
CVE-2025-8754
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14...