2931 matches found
CVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally...
CVE-2025-7677
A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...
CVE-2025-7679
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...
CVE-2025-53191
Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before 3.08.04-s01...
CVE-2025-8754
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14...
CVE-2025-8754 ABB AbilityTM zenon Remote Transport Vulnerability
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14...
CVE-2025-8754 ABB AbilityTM zenon Remote Transport Vulnerability
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14...
CVE-2025-8754
CVE-2025-8754 concerns ABB AbilityTM zenon (versions 7.50–14). The vulnerability is a Missing Authentication for a Critical Function, exposing a command/operation over NETWORK with no privileges required and no user interaction. According to multiple sources, the issue can impact availability (hi...
CVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally...
CVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally...
CVE-2025-53789
CVE-2025-53789 affects Windows StateRepository API where missing authentication enables local privilege escalation. The NCSC advisory references this CVE with CVSS 3.1/7.8 (High) and impact described as escalating privileges. No explicit affected product/version details or fix/remediation are pro...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
Windows StateRepository API Server file Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally...
PT-2025-32859 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: Missing authentication for a critical function within the Windows StateRepository API can allow a local attacker to elevate privileges. Recommendations: At the moment, there is no informati...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the create channel subscription endpoint, which fails to check the authorization of the user. An attacker can gain unauthorized access to create channel subscriptions by making API calls...
GHSA-6FF3-JGXH-VFFJ Mattermost Confluence Plugin is Missing Authentication for Critical Function
Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...
CVE-2025-54478
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-7677
A denial-of-service DoS attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT...