CVE-2025-7114 SimStudioAI sim Session route.ts POST missing authentication

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...

PT-2025-28133 · Rowboatlabs · Rowboat

Name of the Vulnerable Software and Affected Versions: rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97 Description: A critical issue has been found, affecting the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts in the Session Handler component. The...

rowboat 访问控制错误漏洞

rowboat is an AI-driven multi-intelligence builder open-sourced by RowBoat Labs. An access control error vulnerability exists in rowboat, which stems from missing authentication in the file apps/rowboat/app/api/uploads/fileId/route.ts...

PT-2025-28131

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Description: A critical issue was found in the Session Handler component, specifically affecting the POST function of the file apps/sim/app/api/files/upload/route.ts. The...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

weblogic-scan weblogic 漏洞扫描工具 妄想试图weblogic一把梭 目前检测的功能 - x console 页面探测 & 弱口令扫描 - x uuid页面的SSRF - x CVE-2017-10271 wls-wsat页面的反序列化 - x CVE-2018-2628 反序列化 - x CNVD-C-2019-48814 后期可以的话还会继续加功能的，主要是一些反序列化的poc真的不好写，我也不咋会.. USE 使用前请先填写config.py中的server参数...

CVE-2025-34070

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

CVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2025-45814

Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack...

Missing Authentication for Critical Function

Overview xinference is a Xorbits InferenceXinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Wheth...

CVE-2025-34070

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

CVE-2025-34070 GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

CVE-2024-8419

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication...

The vulnerability of the Node-RED visual programming tool’s server on the Pilz IndustrialPI operating system allows a perpetrator to execute arbitrary commands.

The vulnerability of the Node-RED visual programming tool on the Pilz IndustrialPI industrial computer server is related to the absence of default authentication settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2025-6916 TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2025-6916 TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2025-6916

TOTOLINK T6 is affected (version 4.1.5cu.748_B20211015). The vulnerability resides in the Form_Login function of /formLoginAuth.htm, where manipulating the authCode/goURL parameter leads to missing authentication. Access is required from the local network, and the exploit has been publicly disclo...

CVE-2024-8419

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication...

CVE-2024-8419

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication...

CVE-2024-8419 Improper Access Control vulnerability in AC4xxS devices

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication...