Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-04 | CVE-2023-22906 | Missing Authentication for Critical Function vulnerability in Heroelectronix Qubo Hcd01 Firmware and Qubo Hcd02 Firmware Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. | 8.8 |
| 2023-06-30 | CVE-2023-2834 | Missing Authentication for Critical Function vulnerability in Stylemixthemes Bookit The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. | 9.8 |
| 2023-06-30 | CVE-2023-36347 | Missing Authentication for Critical Function vulnerability in Codekop 2.0 A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. | 7.5 |
| 2023-06-20 | CVE-2023-35854 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. | 9.8 |
| 2023-06-19 | CVE-2023-31411 | Missing Authentication for Critical Function vulnerability in Sick Eventcam APP A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. | 9.8 |
| 2023-06-19 | CVE-2023-27396 | Missing Authentication for Critical Function vulnerability in Omron products FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. | 9.8 |
| 2023-06-13 | CVE-2023-31196 | Missing Authentication for Critical Function vulnerability in Inaba products Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. | 7.5 |
| 2023-06-13 | CVE-2023-2827 | Missing Authentication for Critical Function vulnerability in SAP Digital Manufacturing and Plant Connectivity SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. | 5.7 |
| 2023-06-12 | CVE-2023-34335 | Missing Authentication for Critical Function vulnerability in AMI Megarac SPX 12.0/13.0 AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. | 9.1 |
| 2023-06-07 | CVE-2020-36713 | Missing Authentication for Critical Function vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. | 9.8 |