| 2025-04-08 | CVE-2024-41791 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). | 7.3 |
| 2025-04-08 | CVE-2024-41793 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). | 8.6 |
| 2025-04-05 | CVE-2025-32357 | Missing Authentication for Critical Function vulnerability in Zammad 6.4.0/6.4.1
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for. | 4.3 |
| 2025-04-02 | CVE-2025-0257 | Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | 7.5 |
| 2025-03-27 | CVE-2024-56469 | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | 6.3 |
| 2025-03-24 | CVE-2025-0256 | Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | 6.5 |
| 2025-03-21 | CVE-2025-25068 | Missing Authentication for Critical Function vulnerability in Mattermost Server
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes. | 8.8 |
| 2025-03-20 | CVE-2024-8053 | Missing Authentication for Critical Function vulnerability in Openwebui Open Webui 0.3.10
In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. | 8.2 |
| 2025-03-18 | CVE-2024-23943 | An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. network low complexity CWE-306 critical | 9.1 |
| 2025-03-16 | CVE-2025-2344 | A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. | 5.3 |