Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-13	CVE-2023-27747	Missing Authentication for Critical Function vulnerability in Blackvue Dr750-2Ch IR LTE Firmware and Dr750-2Ch LTE Firmware BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. network low complexity blackvue CWE-306	7.5
2023-04-11	CVE-2022-41331	Missing Authentication for Critical Function vulnerability in Fortinet Fortiproxy A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests. network low complexity fortinet CWE-306 critical	9.8
2023-04-11	CVE-2023-24527	Missing Authentication for Critical Function vulnerability in SAP Netweaver AS Java for Deploy Service 7.5 SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity. network low complexity sap CWE-306	5.3
2023-03-29	CVE-2020-14140	Missing Authentication for Critical Function vulnerability in MI Xiaomi Router Firmware When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. network low complexity mi CWE-306	7.5
2023-03-27	CVE-2022-48291	Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos The Bluetooth module has an authentication bypass vulnerability in the pairing process. low complexity huawei CWE-306	6.5
2023-03-27	CVE-2023-1140	Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. network low complexity deltaww CWE-306 critical	9.8
2023-03-23	CVE-2023-28470	Missing Authentication for Critical Function vulnerability in Couchbase Server In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. network low complexity couchbase CWE-306	5.3
2023-03-10	CVE-2023-27532	Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. network low complexity veeam CWE-306	7.5
2023-03-03	CVE-2022-45551	Missing Authentication for Critical Function vulnerability in ZBT We1626 Firmware 21.06.18 An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. network low complexity zbt CWE-306 critical	9.8
2023-02-28	CVE-2023-20857	Missing Authentication for Critical Function vulnerability in VMWare Workspace ONE Content 3.20/3.20.1/3.21 VMware Workspace ONE Content contains a passcode bypass vulnerability. low complexity vmware CWE-306	6.8