2931 matches found
PT-2025-30204 · Unknown · Moneyprinterturbo
Name of the Vulnerable Software and Affected Versions: harry0703 MoneyPrinterTurbo versions through 1.2.6 Description: A critical issue exists in the verify token function within the app/controllers/base.py file of the API Endpoint component. This allows for missing authentication and may be...
Missing Authentication for Critical Function
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the deduplicateCreatePost method. An attacker can access posts in private channels without proper...
The vulnerability of the StateRepository service in the Windows operating system allows a perpetrator to gain access to read and modify data.
The vulnerability of the StateRepository service in the Windows operating system is related to the lack of authentication. Exploiting this vulnerability can allow an attacker to gain access to read and modify data...
CVE-2025-53378
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services WFBSS agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only...
CVE-2025-53378
CVE-2025-53378 concerns Trend Micro Worry-Free Business Security Services (WFBSS) agent. The issue is a missing authentication vulnerability that could allow an unauthenticated attacker to remotely take control of the agent on affected installations. Affected product scope is limited to the SaaS ...
CVE-2025-53378
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services WFBSS agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only...
CVE-2025-53378
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services WFBSS agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only...
CVE-2025-7114
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...
CVE-2025-7115
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts of the component Session Handler. The manipulation of the argument...
CVE-2025-7031
Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4...
CVE-2025-48814
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...
CVE-2025-25268 Unauthenticated Configuration Access via Exposed API Endpoint
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Overview Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...
Fortinet FortiOS和Fortinet FortiProxy 安全漏洞
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...
CVE-2025-7115
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts of the component Session Handler. The manipulation of the argument...
CVE-2025-7114
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...
CVE-2025-7115
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts of the component Session Handler. The manipulation of the argument...
CVE-2025-7115
The CVE-2025-7115 entry concerns rowboatlabs rowboat, specifically the Session Handler component. The vulnerable element is the function PUT in file apps/rowboat/app/api/uploads/[fileId]/route.ts, where manipulation of the params argument leads to missing authentication, enabling remote exploitat...
CVE-2025-7114 SimStudioAI sim Session route.ts POST missing authentication
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...