VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authentication for Critical Function
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-27
CVE-2025-41651
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
network
low complexity
CWE-306
critical
9.8
9.8
2025-05-26
CVE-2025-41655
An unauthenticated remote attacker can access a URL which causes the device to reboot.
network
low complexity
CWE-306
7.5
7.5
2025-05-13
CVE-2024-23815
A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones).
network
low complexity
CWE-306
7.5
7.5
2025-05-12
CVE-2025-4555
The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions.
network
low complexity
CWE-306
critical
9.8
9.8
2025-05-09
CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption.
low complexity
CWE-306
5.9
5.9
2025-05-07
CVE-2025-20210
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.
network
low complexity
CWE-306
7.3
7.3
2025-05-05
CVE-2025-4268
Missing Authentication for Critical Function vulnerability in Totolink A720R Firmware 4.1.5Cu.374
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.
network
low complexity
totolink
CWE-306
5.3
5.3
2025-05-03
CVE-2025-1495
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
network
low complexity
CWE-306
4.3
4.3
2025-04-28
CVE-2025-4018
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160.
network
low complexity
CWE-306
5.3
5.3
2025-04-28
CVE-2025-4015
A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160.
network
low complexity
CWE-306
5.3
5.3
«
1
(current)
2
3
4
5
...
97
98
»
Next