
2931 matches found

GithubExploit
added 2025/12/10 4:49 a.m. | 144 views

Exploit for Missing Authentication for Critical Function in Langflow

Langflow RCE Exploit - CVE-2025-3248 ⚠️ Disclaimer...

CVSS 9.8 | AI score 10 | EPSS 0.99959
Exploits: 33
Positive Technologies
added 2025/12/10 12:0 a.m. | 6 views

PT-2025-50297

Name of the Vulnerable Software and Affected Versions: PipesHub versions prior to 0.1.0-beta. Description: PipesHub is a workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta have a missing authentication check on the POST /api/v1/record/buffer/convert...

CVSS 9.8 | AI score 7.5 | EPSS 0.0161
Exploits: 1 | References: 8
OSV
added 2025/12/09 6:15 p.m. | 2 views

CVE-2025-59516

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.8 | EPSS 0.02125
Exploits: 0 | References: 1
NVD
added 2025/12/09 6:15 p.m. | 2 views

CVE-2025-59516

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.02125
Exploits: 0 | References: 1
EUVD
added 2025/12/09 5:55 p.m. | 5 views

EUVD-2025-202233

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.6 | EPSS 0.02125
Exploits: 0 | References: 2
Microsoft CVE
added 2025/12/09 8:0 a.m. | 3 views

Windows Storage VSP Driver Elevation of Privilege Vulnerability

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 7.2 | EPSS 0.02125
Exploits: 0
Cvelist
added 2025/12/09 2:14 a.m. | 32 views

CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVSS 6.6 | EPSS 0.00299
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/09 2:14 a.m. | 4 views

CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVSS 6.6 | AI score 6.7 | EPSS 0.00299
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/09 12:0 a.m. | 2 views

PT-2025-50152

Name of the Vulnerable Software and Affected Versions: Windows Storage VSP Driver, affected versions not specified. Description: A security issue exists in the Windows Storage VSP Driver that allows a local attacker to gain elevated privileges. The problem stems from a lack of proper authentication f...

CVSS 7.8 | AI score 6.9 | EPSS 0.02125
Exploits: 0 | References: 6
CNNVD
added 2025/12/09 12:0 a.m. | 3 views

SAP Internet Communication Framework Access Control Error Vulnerability

SAP Internet Communication Framework is an Internet communication architecture from SAP, Germany. An access control error vulnerability exists in SAP Internet Communication Framework, which stems from a lack of authentication checks that could lead to the reuse of authorization tokens...

CVSS 6.6 | AI score 6.6 | EPSS 0.00299
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/06 5:1 a.m. | 5 views

CVE-2025-13313

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

CVSS 9.8 | AI score 6 | EPSS 0.00476
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/05 3:27 p.m. | 3 views

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

CVSS 7.8 | AI score 7.8 | EPSS 0.00168
Exploits: 0 | References: 1
NVD
added 2025/12/04 9:16 p.m. | 2 views

CVE-2025-66555

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...

CVSS 8.8 | EPSS 0.00489
Exploits: 0 | References: 4
CVE
added 2025/12/04 8:43 p.m. | 14 views

CVE-2025-66555

AirKeyboard iOS App 1.0.5 is vulnerable due to missing authentication, enabling unauthenticated remote keystroke injection in real time and full input control on the victim device. Root cause: lack of authentication; impact includes arbitrary input and potential data exposure. Exploitation detail...

CVSS 8.8 | AI score 6.8 | EPSS 0.00489
Exploits: 0 | References: 4
Cvelist
added 2025/12/04 8:43 p.m. | 21 views

CVE-2025-66555 AirKeyboard iOS App 1.0.5 - Remote Input Injection

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...

CVSS 8.8 | EPSS 0.00489
Exploits: 0 | References: 4
EUVD
added 2025/12/04 8:43 p.m. | 4 views

EUVD-2025-201279

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...

CVSS 8.8 | AI score 6.7 | EPSS 0.00489
Exploits: 0 | References: 5
OSV
added 2025/12/04 4:16 p.m. | 1 views

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

CVSS 7.8 | AI score 6.1 | EPSS 0.00168
Exploits: 0 | References: 1
NVD
added 2025/12/04 4:16 p.m. | 2 views

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

CVSS 7.8 | EPSS 0.00168
Exploits: 0 | References: 1
CVE
added 2025/12/04 3:13 p.m. | 7 views

CVE-2025-54158

CVE-2025-54158 affects Synology BeeDrive for desktop prior to 1.4.2-13960. The issue is a missing authentication check in a critical function, enabling local users to potentially execute arbitrary code via unspecified vectors. Multiple connected sources (Red Hat, NVD, CVE lists, and vendor adviso...

CVSS 7.8 | AI score 7.3 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/12/04 3:13 p.m. | 3 views

EUVD-2025-201167

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

CVSS 7.8 | AI score 7.2 | EPSS 0.00168
Exploits: 0 | References: 2