Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9984 Missing Authentication for Critical Function vulnerability in Ragic Enterprise Cloud Database
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
network
low complexity
ragic CWE-306
critical
 9.8
9.8
2024-10-10 CVE-2024-9522 Missing Authentication for Critical Function vulnerability in Lagunaisw WP Users Masquerade
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0.
network
low complexity
lagunaisw CWE-306
8.8
8.8
2024-10-02 CVE-2024-35294 An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
network
low complexity
CWE-306
6.5
6.5
2024-10-02 CVE-2024-35293 An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
network
low complexity
CWE-306
critical
 9.1
9.1
2024-10-01 CVE-2024-9289 Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1.
network
low complexity
redefiningtheweb CWE-306
critical
 9.8
9.8
2024-09-30 CVE-2024-8456 Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
network
low complexity
planet CWE-306
critical
 9.8
9.8
2024-09-26 CVE-2024-47130 Missing Authentication for Critical Function vulnerability in Gotenna PRO
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages.
low complexity
gotenna CWE-306
6.5
6.5
2024-09-26 CVE-2024-7781 Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5.
network
low complexity
artbees CWE-306
critical
 9.8
9.8
2024-09-26 CVE-2023-52947 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors.
local
low complexity
synology CWE-306
3.3
3.3
2024-09-26 CVE-2023-52949 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
local
low complexity
synology CWE-306
5.5
5.5