2931 matches found

BDU FSTEC
added 2025/08/04 12:0 a.m., 4 views

The vulnerability of the mcp dev tool for testing and debugging MCP servers, MCP Inspector, allows an attacker to perform a CSRF attack.

The vulnerability of the mcp dev tool for testing and debugging MCP servers, MCP Inspector, is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to perform a CSRF attack...

10 CVSS, 8.2 AI score, 0.3703 EPSS
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2025/08/02 8:22 p.m., 7 views

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8 CVSS, 7 AI score, 0.01718 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/07/31 7:23 p.m., 4 views

CVE-2025-8286 Güralp Systems Güralp FMUS series Missing Authentication for Critical Function

Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device...

9.8 CVSS, 6.8 AI score, 0.01205 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/30 3:15 p.m., 8 views

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8 CVSS, 0.01718 EPSS
Exploits: 1, References: 1

CVE
added 2025/07/30 2:20 p.m., 42 views

CVE-2025-46811

CVE-2025-46811 is a Missing Authorization vulnerability in SUSE Manager allowing unauthenticated websocket access on port 443 to execute commands as root on any client. Affected are SUSE Manager Container (suse/manager/5.0/x86_64/server:5.0.5.7.30.1) before 5.0.27-150600.3.33.1 and various SUSE M...

9.8 CVSS, 6.4 AI score, 0.01718 EPSS
Exploits: 1, References: 1

Cvelist
added 2025/07/30 2:20 p.m., 11 views

CVE-2025-46811 SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8 CVSS, 0.01718 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/07/30 2:20 p.m., 4 views

CVE-2025-46811 SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8 CVSS, 6.4 AI score, 0.01718 EPSS
Exploits: 1, References: 1

Gitee
added 2025/07/27 4:5 a.m., 91 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability, echo-back PoC for WebLogic. Patch update: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: http://10.10.20.166:7001/async/AsyncResponseService curl -i http://10.10.20.166:7001/async/favicon.ico CNVD-C-2019-48814...

9.8 CVSS, 7.9 AI score, 0.99964 EPSS
Exploits: 74

Veracode
added 2025/07/25 5:20 a.m., 2 views

Missing Authentication

backend.ai is vulnerable to Missing Authentication. The vulnerability is due to improper access control caused by lack of authentication checks in the registration feature, allowing arbitrary users to create accounts and access private data even when registration is disabled...

9.8 CVSS, 6.4 AI score, 0.00375 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2025/07/23 2:15 p.m., 6 views

CVE-2018-25114

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...

9.3 CVSS, 0.0351 EPSS
Exploits: 0, References: 4

BDU FSTEC
added 2025/07/23 12:0 a.m., 2 views

The vulnerability of Trend Micro Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS) lies in the lack of authentication for a critical function, allowing attackers to gain full control over the application.

The vulnerability of Trend Micro Worry-Free Business Security WFBS and Worry-Free Business Security Services WFBSS lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application...

9 CVSS, 7.2 AI score, 0.00648 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2025/07/23 12:0 a.m., 5 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle WebLogic Server is related to the lack of authentication for critical functions. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using protocols such as T3 and II...

7.8 CVSS, 7.2 AI score, 0.00375 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2025/07/23 12:0 a.m., 1 view

TOTOLINK T6 Missing Authentication Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics (TOTOLINK) that supports the MQTT protocol and Telnet service. The TOTOLINK T6 has a missing authentication vulnerability that stems from the setTelnetCfg function of the /cgi-bin/cstecgi.cgi file in the component...

9.8 CVSS, 7.2 AI score, 0.00994 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/07/22 2:51 a.m., 6 views

CVE-2025-7862

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to...

9.8 CVSS, 7.2 AI score, 0.00994 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2025/07/21 12:0 a.m., 3 views

The vulnerability in the software web interface for Juniper Networks Security Director allows a hacker to disclose protected information.

The vulnerability of the Juniper Networks Security Director software’s web interface for security policy management is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

9.6 CVSS, 5.4 AI score, 0.00376 EPSS
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2025/07/20 3:44 p.m., 5 views

Missing Authentication for Critical Function

Overview: With MoneyPrinterTurbo, simply provide a topic or keyword for a video, and it will automatically generate the video copy, video materials, video subtitles, and video background music before synthesizing a high-definition short video. Affected versions of this package are vulnerable to...

9.8 CVSS, 7.1 AI score, 0.00626 EPSS
Exploits: 0, References: 2

CVE
added 2025/07/20 3:2 p.m., 21 views

CVE-2025-7897

CVE-2025-7897 (MoneyPrinterTurbo API Endpoint) affects MoneyPrinterTurbo up to v1.2.6, specifically the API Endpoint’s verify_token function in app/controllers/base.py. The root cause is missing authentication, enabling remote exploitation as described across multiple sources (NVD, Red Hat, Snyk,...

9.8 CVSS, 7.1 AI score, 0.00626 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2025/07/20 3:15 a.m., 13 views

CVE-2025-7862

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to...

9.8 CVSS, 0.00994 EPSS
Exploits: 1, References: 7

CVE
added 2025/07/20 2:2 a.m., 35 views

CVE-2025-7862

The vulnerability CVE-2025-7862 affects TOTOLINK T6 4.1.5cu.748_B20211015, specifically the Telnet Service’s /cgi-bin/cstecgi.cgi setTelnetCfg function. Manipulating telnet_enabled to 1 allows missing authentication and remote exploitation. Several sources confirm the issue and that the exploit h...

9.8 CVSS, 7.2 AI score, 0.00994 EPSS
Exploits: 1, References: 7, Affected Software: 1

Vulnrichment
added 2025/07/20 2:2 a.m., 2 views

CVE-2025-7862 TOTOLINK T6 Telnet Service cstecgi.cgi setTelnetCfg missing authentication

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to...

7.5 CVSS, 7.2 AI score, 0.00994 EPSS
Exploits: 1, References: 7