Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-02-20 CVE-2023-25570 Missing Authentication for Critical Function vulnerability in Apolloconfig Apollo
Apollo is a configuration management system.
network
low complexity
apolloconfig CWE-306
7.5
7.5
2023-02-16 CVE-2022-47703 Missing Authentication for Critical Function vulnerability in Tianjie Cpe906-3 and Cpe906-3 Firmware
TIANJIE CPE906-3 is vulnerable to password disclosure.
network
low complexity
tianjie CWE-306
7.5
7.5
2023-02-16 CVE-2022-27891 Missing Authentication for Critical Function vulnerability in Palantir Gotham
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session.
network
low complexity
palantir CWE-306
5.3
5.3
2023-02-09 CVE-2022-48288 Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos
The bundle management module lacks authentication and control mechanisms in some APIs.
network
low complexity
huawei CWE-306
7.5
7.5
2023-02-09 CVE-2022-48289 Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos
The bundle management module lacks authentication and control mechanisms in some APIs.
network
low complexity
huawei CWE-306
7.5
7.5
2023-02-09 CVE-2022-48299 Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos
The WMS module lacks the authentication mechanism in some APIs.
network
low complexity
huawei CWE-306
7.5
7.5
2023-02-09 CVE-2022-48300 Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos
The WMS module lacks the authentication mechanism in some APIs.
network
low complexity
huawei CWE-306
7.5
7.5
2023-02-08 CVE-2022-43761 Missing Authentication for Critical Function vulnerability in Br-Automation Industrial Automation Aprol
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. 
network
low complexity
br-automation CWE-306
7.5
7.5
2023-02-08 CVE-2022-45190 Missing Authentication for Critical Function vulnerability in Microchip Rn4870 Firmware 1.43
An issue was discovered on Microchip RN4870 1.43 devices.
high complexity
microchip CWE-306
5.3
5.3
2023-02-07 CVE-2022-24990 Missing Authentication for Critical Function vulnerability in Terra-Master Terramaster Operating System
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
network
low complexity
terra-master CWE-306
7.5
7.5