
2931 matches found

Vulnrichment
added 2025/12/04 3:13 p.m. | 2 views

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

7.8 CVSS | 7.3 AI score | 0.00168 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/12/04 3:13 p.m. | 19 views

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...

7.8 CVSS | 0.00168 EPSS
Exploits: 0 | References: 1
Veracode
added 2025/12/04 7:4 a.m. | 9 views

Unauthorized Account Creation

melis-core is vulnerable to Unauthorized Account Creation. The vulnerability is due to missing authentication on the /melis/MelisCore/ToolUser/addNewUser endpoint, where an unauthenticated attacker can directly invoke this function to create a new administrator account and gain full control of th...

9.3 CVSS | 7.3 AI score | 0.00298 EPSS
Exploits: 3 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49037

Name of the Vulnerable Software and Affected Versions: Synology BeeDrive for desktop versions prior to 1.4.2-13960. Description: A missing authentication check exists for a critical function within BeeDrive. This flaw allows local users to potentially execute arbitrary code through unspecified...

7.8 CVSS | 7.2 AI score | 0.00168 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/04 12:0 a.m. | 3 views

PT-2025-49138

Name of the Vulnerable Software and Affected Versions: AirKeyboard iOS App version 1.0.5. Description: The AirKeyboard iOS App has a missing authentication mechanism. This allows unauthenticated attackers to send arbitrary keystrokes to a victim’s iOS device in real-time, without requiring user...

8.8 CVSS | 6.8 AI score | 0.00489 EPSS
Exploits: 0 | References: 7
Snyk
added 2025/12/03 5:0 p.m. | 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation: Upgrade...

10 CVSS | 6.9 AI score | 0.00279 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/12/03 5:0 p.m. | 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation: Upgrade...

10 CVSS | 6.5 AI score | 0.00279 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/12/03 5:0 p.m. | 4 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation: Upgrade...

10 CVSS | 6.9 AI score | 0.00279 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/12/03 5:0 p.m. | 4 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation: Upgrade...

10 CVSS | 6.9 AI score | 0.00279 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/12/02 7:28 p.m. | 6 views

CVE-2025-13510 Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerability

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings...

9.3 CVSS | 0.00571 EPSS
Exploits: 0 | References: 1
Talos
added 2025/12/01 12:0 a.m. | 20 views

Socomec DIRIS Digiware M-70 Modbus RTU over TCP reboot denial of service vulnerability

Talos Vulnerability Report TALOS-2025-2139: Socomec DIRIS Digiware M-70 Modbus RTU over TCP reboot denial of service vulnerability. December 1, 2025. CVE Number: CVE-2025-23417. SUMMARY: A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70...

8.6 CVSS | 7.1 AI score | 0.00361 EPSS
Exploits: 0
GithubExploit
added 2025/11/27 9:38 p.m. | 143 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-3243...

10 CVSS | 7 AI score | 0.97673 EPSS
Exploits: 36
CNNVD
added 2025/11/27 12:0 a.m. | 3 views

WordPress plugin QODE Wishlist for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

5.3 CVSS | 6.6 AI score | 0.00225 EPSS
Exploits: 0 | References: 4
GithubExploit
added 2025/11/26 4:37 p.m. | 136 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

CVE-2023-27532 - Veeam Backup & Replication Vulnerability...

7.5 CVSS | 6.8 AI score | 0.7761 EPSS
Exploits: 4
Positive Technologies
added 2025/11/26 12:0 a.m. | 3 views

PT-2025-48184

Name of the Vulnerable Software and Affected Versions: HashTech versions 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5. Description: A missing authentication check on the /admin index.php endpoint allows an attacker to access the administrative dashboard without valid credentials. This...

9.8 CVSS | 6.5 AI score | 0.00358 EPSS
Exploits: 0 | References: 7
CVE
added 2025/11/25 5:36 p.m. | 10 views

CVE-2025-13483

SiRcom SMART Alert (SiSA) is affected by a Missing Authentication vulnerability that lets an unauthenticated attacker access backend APIs and bypass the login screen via browser developer tools, gaining access to restricted parts of the application. The CVE-2025-13483 entry notes a high-severity ...

8.8 CVSS | 6.6 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/25 5:36 p.m. | 6 views

CVE-2025-13483 Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)

SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

8.8 CVSS | 0.00322 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/25 5:36 p.m. | 3 views

CVE-2025-13483 Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)

SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

8.8 CVSS | 6.6 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/11/25 12:0 a.m. | 3 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unsafe direct object reference vulnerability

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. The WordPress ELEX WordPress HelpDesk & Customer Ticketing Syste...

4.3 CVSS | 6.8 AI score | 0.00243 EPSS
Exploits: 0 | References: 1
NVD
added 2025/11/24 5:16 p.m. | 2 views

CVE-2025-63435

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...

4.3 CVSS | 0.00316 EPSS
Exploits: 1 | References: 2