Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2025-05-09 CVE-2025-4382 A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption.
low complexity
CWE-306
5.9
5.9
2025-05-07 CVE-2025-20210 A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.
network
low complexity
CWE-306
7.3
7.3
2025-05-05 CVE-2025-4268 Missing Authentication for Critical Function vulnerability in Totolink A720R Firmware 4.1.5Cu.374
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.
network
low complexity
totolink CWE-306
5.3
5.3
2025-05-03 CVE-2025-1495 IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
network
low complexity
CWE-306
4.3
4.3
2025-04-28 CVE-2025-4018 A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160.
network
low complexity
CWE-306
5.3
5.3
2025-04-28 CVE-2025-4015 A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160.
network
low complexity
CWE-306
5.3
5.3
2025-04-22 CVE-2025-34028 Missing Authentication for Critical Function vulnerability in Commvault
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.
network
low complexity
commvault CWE-306
critical
 10.0
10
2025-04-08 CVE-2024-41791 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-306
7.3
7.3
2025-04-08 CVE-2024-41793 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-306
8.6
8.6
2025-04-07 CVE-2025-3248 Missing Authentication for Critical Function vulnerability in Langflow
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.
network
low complexity
langflow CWE-306
critical
 9.8
9.8