Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-24935 Missing Authentication for Critical Function vulnerability in Lexmark Firmware
Lexmark products through 2022-02-10 have Incorrect Access Control.
network
low complexity
lexmark CWE-306
7.5
2022-04-28 CVE-2022-28719 Missing Authentication for Critical Function vulnerability in Hammock Assetview 9.2
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
network
low complexity
hammock CWE-306
critical
9.8
2022-04-27 CVE-2022-27332 Missing Authentication for Critical Function vulnerability in Zammad
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication.
network
low complexity
zammad CWE-306
critical
9.1
2022-04-19 CVE-2022-0992 Missing Authentication for Critical Function vulnerability in Siteground Security Optimizer
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts.
network
low complexity
siteground CWE-306
critical
9.8
2022-04-19 CVE-2022-0993 Missing Authentication for Critical Function vulnerability in Siteground Security
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success.
network
low complexity
siteground CWE-306
critical
9.8
2022-04-12 CVE-2022-0140 Missing Authentication for Critical Function vulnerability in Vfbpro Visual Form Builder
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
network
low complexity
vfbpro CWE-306
5.3
2022-04-12 CVE-2022-0878 Missing Authentication for Critical Function vulnerability in Combined Charging System Project Combined Charging System Firmware
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging.
6.5
2022-04-08 CVE-2022-24820 Missing Authentication for Critical Function vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-306
5.3
2022-04-08 CVE-2021-43483 Missing Authentication for Critical Function vulnerability in Claro Kaon Cg3000 Firmware 1.00.67
An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.
low complexity
claro CWE-306
8.0
2022-04-07 CVE-2020-27376 Missing Authentication for Critical Function vulnerability in Drtrustusa Icheck Connect BP Monitor BP Testing 118 Firmware 1.2.1
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.
low complexity
drtrustusa CWE-306
8.8