2931 matches found

Vulnrichment
added 2026/02/18 12:0 a.m., 4 views

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...

AI score: 5.6, EPSS: 0.0045
Exploits: 1, References: 2

ATTACKERKB
added 2026/02/18 12:0 a.m., 4 views

CVE-2025-70148

Missing authentication and authorization in printmembershipcard.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference...

CVSS: 7.5, AI score: 5.7, EPSS: 0.0039
Exploits: 1, References: 3

ATTACKERKB
added 2026/02/18 12:0 a.m., 4 views

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...

CVSS: 7.5, AI score: 5.6, EPSS: 0.0045
Exploits: 1, References: 3

ATTACKERKB
added 2026/02/18 12:0 a.m., 5 views

CVE-2025-70146

Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a...

CVSS: 9.1, AI score: 5.6, EPSS: 0.00452
Exploits: 1, References: 3

CVE
added 2026/02/18 12:0 a.m., 13 views

CVE-2025-70147

CVE-2025-70147 affects ProjectWorlds Online Time Table Generator 1.0. The vulnerability is missing authentication on /admin/student.php and /admin/teacher.php, enabling remote attackers to access sensitive data (including plaintext password field values) via direct HTTP GET requests without a val...

CVSS: 7.5, AI score: 5.6, EPSS: 0.0045
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2026/02/18 12:0 a.m., 8 views

CVE-2025-70146

CVE-2025-70146 affects ProjectWorlds Online Time Table Generator 1.0. Multiple administrative action scripts under /admin/ lack authentication, enabling remote attackers to perform unauthorized admin operations (e.g., add/delete records) via direct HTTP requests without a valid session. The vulne...

CVSS: 9.1, AI score: 5.6, EPSS: 0.00452
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/02/17 10:56 p.m., 29 views

CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

CVSS: 9.8, EPSS: 0.00833
Exploits: 0, References: 3

Snyk
added 2026/02/17 9:40 p.m., 4 views

Missing Authentication for Critical Function

Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the verifyWebhook function. An attacker can send forged webhook requests to the Telnyx voice-call endpoint by omitting signature...

CVSS: 8.7, AI score: 5.6, EPSS: 0.00284
Exploits: 0, References: 2

NVD
added 2026/02/17 2:16 p.m., 2 views

CVE-2025-7706

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...

CVSS: 6.1, EPSS: 0.00248
Exploits: 0, References: 2

CVE
added 2026/02/17 1:22 p.m., 7 views

CVE-2025-7706

CVE-2025-7706 describes a Missing Authentication for a Critical Function in Liderahenk from TUBITAK BILGEM STI, affecting versions 3.0.0–3.3.1 prior to 3.5.0. The issue enables Remote Code Inclusion due to lack of auth on a critical function. CVSSv3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N is 6.1 (M...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00248
Exploits: 0, References: 2

Vulnrichment
added 2026/02/17 1:22 p.m., 2 views

CVE-2025-7706 Improper Access Control in TUBITAK BILGEM's Liderahenk

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00248
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/17 1:22 p.m., 2 views

CVE-2025-7706

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00248
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/02/17 5:29 a.m., 19 views

CVE-2026-1657

The EventPrime WordPress plugin (versions up to 4.2.8.4) is vulnerable to unauthenticated image/file upload via the ep_upload_file_media AJAX endpoint. The root cause is that the endpoint is registered as nopriv (public) without authentication, authorization, or nonce verification, allowing unaut...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00379
Exploits: 3, References: 6

Positive Technologies
added 2026/02/17 12:0 a.m., 6 views

PT-2026-8398

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00379
Exploits: 3, References: 7

Positive Technologies
added 2026/02/17 12:0 a.m., 3 views

PT-2026-20269

Name of the Vulnerable Software and Affected Versions: Liderahenk versions 3.0.0 through 3.3.1. Description: A missing authentication check for a critical function in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows for Remote Code Inclusion. The issue impacts the software’s...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00248
Exploits: 0, References: 3

RedhatCVE
added 2026/02/14 7:22 p.m., 5 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS: 8.8, AI score: 5.4, EPSS: 0.00361
Exploits: 0, References: 1

OSV
added 2026/02/13 2:16 p.m., 3 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00361
Exploits: 0, References: 1

NVD
added 2026/02/13 2:16 p.m., 2 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS: 8.8, EPSS: 0.00361
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/13 1:9 p.m., 3 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00361
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/13 1:9 p.m., 3 views

CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00361
Exploits: 0, References: 2