Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2025-02-08 CVE-2024-54176 IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
network
low complexity
CWE-306
4.3
2025-01-22 CVE-2024-12857 Missing Authentication for Critical Function vulnerability in Scriptsbundle Adforest
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8.
network
low complexity
scriptsbundle CWE-306
critical
9.8
2025-01-21 CVE-2025-24456 Missing Authentication for Critical Function vulnerability in Jetbrains HUB
In JetBrains Hub before 2024.3.55417, privilege escalation was possible via LDAP authentication mapping.
network
low complexity
jetbrains CWE-306
8.8
2025-01-16 CVE-2025-0456 The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords.
network
low complexity
CWE-306
critical
9.8
2025-01-14 CVE-2024-35277 Missing Authentication for Critical Function vulnerability in Fortinet Fortimanager and Fortimanager Cloud
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to access the configuration of the managed devices by sending specifically crafted packets.
network
low complexity
fortinet CWE-306
7.5
2024-12-31 CVE-2024-12106 Missing Authentication for Critical Function vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
network
low complexity
progress CWE-306
7.5
2024-12-10 CVE-2024-11639 Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access.
network
low complexity
ivanti CWE-306
critical
9.8
2024-12-04 CVE-2024-54153 Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.51866, unauthenticated database backup download was possible via a vulnerable query parameter.
network
low complexity
jetbrains CWE-306
6.5
2024-12-04 CVE-2024-54155 Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.51866, improper access control allowed listing of project names during app import without authentication.
network
low complexity
jetbrains CWE-306
5.3
2024-11-18 CVE-2024-0012 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-306
critical
9.8