Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2023-40545 Missing Authentication for Critical Function vulnerability in Pingidentity Pingfederate 11.3.0
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
network
low complexity
pingidentity CWE-306
critical
9.8
2024-02-06 CVE-2024-23917 Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
network
low complexity
jetbrains CWE-306
critical
9.8
2024-02-01 CVE-2023-49115 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
network
low complexity
machinesense CWE-306
7.5
2024-02-01 CVE-2023-49617 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication.
network
low complexity
machinesense CWE-306
critical
9.1
2024-02-01 CVE-2023-6221 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access.
network
low complexity
machinesense CWE-306
6.5
2024-02-01 CVE-2024-22449 Missing Authentication for Critical Function vulnerability in Dell Powerscale Onefs
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability.
local
low complexity
dell CWE-306
7.8
2024-01-30 CVE-2023-6942 Missing Authentication for Critical Function vulnerability in Mitsubishielectric products
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
network
low complexity
mitsubishielectric CWE-306
7.5
2024-01-26 CVE-2024-23618 Missing Authentication for Critical Function vulnerability in Commscope Arris Surfboard Sbg6950Ac2 Firmware
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices.
network
low complexity
commscope CWE-306
critical
9.8
2024-01-19 CVE-2023-51947 Missing Authentication for Critical Function vulnerability in Actidata Actinas SL 2U-8 RDX Firmware 3.2.03
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.
network
low complexity
actidata CWE-306
critical
9.1
2024-01-18 CVE-2024-22212 Missing Authentication for Critical Function vulnerability in Nextcloud Global Site Selector
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server.
network
low complexity
nextcloud CWE-306
critical
9.8