Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2025-04-22 CVE-2025-34028 Missing Authentication for Critical Function vulnerability in Commvault
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20.
network
low complexity
commvault CWE-306
critical
10.0
2025-04-17 CVE-2024-42178 Missing Authentication for Critical Function vulnerability in Hcltech Dryice Myxalytics 6.3
HCL MyXalytics is affected by a failure to restrict URL access vulnerability.
network
low complexity
hcltech CWE-306
7.5
2025-04-08 CVE-2024-41791 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-306
7.3
2025-04-08 CVE-2024-41793 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-306
8.6
2025-04-07 CVE-2025-3248 Missing Authentication for Critical Function vulnerability in Langflow
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.
network
low complexity
langflow CWE-306
critical
9.8
2025-04-05 CVE-2025-32357 Missing Authentication for Critical Function vulnerability in Zammad 6.4.0/6.4.1
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.
network
low complexity
zammad CWE-306
4.3
2025-04-02 CVE-2025-0257 Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
network
low complexity
hcltechsw CWE-306
7.5
2025-03-27 CVE-2024-56469 IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
low complexity
CWE-306
6.3
2025-03-24 CVE-2025-0256 Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
network
low complexity
hcltechsw CWE-306
6.5
2025-03-21 CVE-2025-25068 Missing Authentication for Critical Function vulnerability in Mattermost Server
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.
network
low complexity
mattermost CWE-306
8.8