2931 matches found
CVE-2025-66377
CVE-2025-66377 affects Pexip Infinity prior to 39.0. A missing authentication for a critical function in a product-internal API allows an attacker who already has code execution on one node to impact the operation of other nodes in the installation. This is not listed as exploitable in the provid...
CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
CVE-2025-3232 Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...
Media Player MP-01 vulnerable to Missing Authentication for Critical Function
Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...
CVE-2025-12049
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...
CVE-2025-12049
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...
CVE-2025-12049
CVE-2025-12049 affects Sharp Display Solutions Media Player MP-01. The connected documents identify a Missing Authentication for Critical Function (CWE-306) vulnerability that allows an attacker to access the device’s web interface without authentication, change settings or perform other operatio...
CVE-2025-12049
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...
EUVD-2025-204698
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...
PT-2025-52632
Name of the Vulnerable Software and Affected Versions Sharp Display Solutions Media Player MP-01 affected versions not specified Description A critical issue exists in Sharp Display Solutions Media Player MP-01 where a missing authentication check for a critical function allows unauthorized acces...
EUVD-2024-55358
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...
Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2025-40815)
A vulnerability has been identified in - LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions - LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions - LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions - LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions - LOGO! 24CE 6ED1052-1CC08-0BA2 All versions - LOGO! 24CEo...
CVE-2025-34434
AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
Missing Authentication for Critical Function
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/config endpoint. An attacker can access sensitive system configuration data by sending unauthenticated GET requests to this endpoint. Remediation Ther...
OpenPLC Runtime version 3 跨站请求伪造漏洞
OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. OpenPLC Runtime version 3 suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF authentication, which could lead to a cross-site request forgery attack...
EUVD-2025-203098
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has...
PT-2025-51125
CVE-2025-67693 - Apache Apache HTTP Server Missing Authentication for Configuration CVE ID : CVE-2025-67693 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...
SAP NetWeaver AS Missing Authentication (December 2025)
The version of SAP NetWeaver Application Server detected on the remote host is affected by a missing authentication vulnerability as disclosed in the SAP Security Patch Day December 2025: - The SAP Internet Communication Framework does not conduct any authentication checks for features that need...
CVE-2025-13607 D-Link CCTV camera model DCS-F5614-L1 Missing Authentication for Critical Function
A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL...