Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-11-26 CVE-2024-49052 Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
network
low complexity
CWE-306
8.2
2024-11-18 CVE-2024-0012 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-306
critical
9.8
2024-11-18 CVE-2024-41967 A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
network
low complexity
CWE-306
8.1
2024-11-18 CVE-2024-41969 A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
network
low complexity
CWE-306
8.8
2024-11-15 CVE-2024-10924 Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1.
network
low complexity
really-simple-plugins CWE-306
critical
9.8
2024-10-31 CVE-2024-9430 The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0.
network
low complexity
CWE-306
5.3
2024-10-29 CVE-2024-51567 Missing Authentication for Critical Function vulnerability in Cyberpanel
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX.
network
low complexity
cyberpanel CWE-306
critical
9.8
2024-10-28 CVE-2024-50488 Missing Authentication for Critical Function vulnerability in Priyabratasarkar Token Login
Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass.This issue affects Token Login: from n/a through 1.0.3.
network
low complexity
priyabratasarkar CWE-306
8.8
2024-10-28 CVE-2024-50477 Missing Authentication for Critical Function vulnerability in Stacksmarket Stacks Mobile APP Builder
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
network
low complexity
stacksmarket CWE-306
critical
9.8
2024-10-28 CVE-2024-50486 Missing Authentication for Critical Function vulnerability in Acnoo Flutter API
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5.
network
low complexity
acnoo CWE-306
critical
9.8