Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-41968 A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
network
low complexity
CWE-306
5.4
2024-11-18 CVE-2024-41969 A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
network
low complexity
CWE-306
8.8
2024-11-15 CVE-2024-10924 Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1.
network
low complexity
really-simple-plugins CWE-306
critical
9.8
2024-11-13 CVE-2024-47574 Missing Authentication for Critical Function vulnerability in Fortinet Forticlient
A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
local
low complexity
fortinet CWE-306
7.8
2024-11-12 CVE-2024-26011 Missing Authentication for Critical Function vulnerability in Fortinet products
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-306
critical
9.8
2024-11-12 CVE-2024-7516 Missing Authentication for Critical Function vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
high complexity
broadcom CWE-306
7.1
2024-11-09 CVE-2024-10284 Missing Authentication for Critical Function vulnerability in Ce21 Suite
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0.
network
low complexity
ce21 CWE-306
critical
9.8
2024-11-05 CVE-2024-51493 Missing Authentication for Critical Function vulnerability in Octoprint
OctoPrint provides a web interface for controlling consumer 3D printers.
network
low complexity
octoprint CWE-306
6.5
2024-10-31 CVE-2024-9430 The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0.
network
low complexity
CWE-306
5.3
2024-10-29 CVE-2024-51567 Missing Authentication for Critical Function vulnerability in Cyberpanel
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX.
network
low complexity
cyberpanel CWE-306
critical
9.8