Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-41351 Missing Authentication for Critical Function vulnerability in Nokia G-040W-Q Firmware G040Wqr201207
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL.
network
low complexity
nokia CWE-306
critical
9.8
2023-10-31 CVE-2023-46249 Missing Authentication for Critical Function vulnerability in Goauthentik Authentik
authentik is an open-source Identity Provider.
network
low complexity
goauthentik CWE-306
critical
9.8
2023-10-31 CVE-2023-46978 Missing Authentication for Critical Function vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.
network
low complexity
totolink CWE-306
7.5
2023-10-26 CVE-2023-46747 Missing Authentication for Critical Function vulnerability in F5 products
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-306
critical
9.8
2023-10-25 CVE-2023-40401 Missing Authentication for Critical Function vulnerability in Apple Macos
The issue was addressed with additional permissions checks.
network
low complexity
apple CWE-306
7.5
2023-10-25 CVE-2023-42845 Missing Authentication for Critical Function vulnerability in Apple Ipados, Iphone OS and Macos
An authentication issue was addressed with improved state management.
network
low complexity
apple CWE-306
5.3
2023-10-25 CVE-2023-26570 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-26571 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-26573 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
network
low complexity
idattend CWE-306
critical
9.1
2023-10-25 CVE-2023-26574 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5