| 2025-03-20 | CVE-2024-8053 | Missing Authentication for Critical Function vulnerability in Openwebui Open Webui 0.3.10
In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. | 8.2 |
| 2025-03-18 | CVE-2024-23943 | An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. network low complexity CWE-306 critical | 9.1 |
| 2025-03-16 | CVE-2025-2344 | A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. | 5.3 |
| 2025-03-11 | CVE-2024-52285 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). | 5.3 |
| 2025-03-11 | CVE-2025-23194 | SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. | 5.3 |
| 2025-02-19 | CVE-2025-21355 | Missing Authentication for Critical Function vulnerability in Microsoft Bing
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network | 9.8 |
| 2025-02-13 | CVE-2025-24865 | Missing Authentication for Critical Function vulnerability in Myscada Mypro
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | 9.8 |
| 2025-02-12 | CVE-2025-0108 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. | 9.1 |
| 2025-02-08 | CVE-2024-54176 | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | 4.3 |
| 2025-01-22 | CVE-2024-12857 | Missing Authentication for Critical Function vulnerability in Scriptsbundle Adforest
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. | 9.8 |