Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2022-03-11 CVE-2022-25508 Missing Authentication for Critical Function vulnerability in Freetakserver-Ui Project Freetakserver-Ui 1.9.8
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.
network | low complexity | freetakserver-ui-project CWE-306 | 7.5

2022-03-10 CVE-2022-25922 Missing Authentication for Critical Function vulnerability in Hegemonelectronics Plc4Trucks Firmware J2497
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages.
network | low complexity | hegemonelectronics CWE-306 | critical | 9.1

2022-03-10 CVE-2022-26143 Missing Authentication for Critical Function vulnerability in Mitel Micollab and Mivoice Business Express
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic).
network | low complexity | mitel CWE-306 | critical | 9.8

2022-03-10 CVE-2022-20060 Missing Authentication for Critical Function vulnerability in Google Android 10.0/11.0/12.0
In preloader (usb), there is a possible permission bypass due to missing proper image authentication.
low complexity | google CWE-306 | 6.6

2022-03-04 CVE-2021-46384 Missing Authentication for Critical Function vulnerability in Mingsoft Mcms
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE.
network | low complexity | mingsoft CWE-306 | critical | 9.8

2022-02-26 CVE-2022-25359 Missing Authentication for Critical Function vulnerability in Iclinks Scadaflex II Firmware and Weblib
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
network | low complexity | iclinks CWE-306 | critical | 9.1

2022-02-24 CVE-2020-10640 Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.
network | low complexity | emerson CWE-306 | critical | 9.8

2022-02-14 CVE-2021-46371 Missing Authentication for Critical Function vulnerability in Antd-Admin Project Antd-Admin 5.5.0
antd-admin 5.5.0 is affected by an incorrect access control vulnerability.
network | low complexity | antd-admin-project CWE-306 | 7.5

2022-02-14 CVE-2022-0188 Missing Authentication for Critical Function vulnerability in Niteothemes CMP
The CMP WordPress plugin before 4.0.19 allows any user, even one who is not logged in, to arbitrarily change the coming soon page layout.
network | low complexity | niteothemes CWE-306 | 5.3

2022-02-10 CVE-2021-31814 Missing Authentication for Critical Function vulnerability in Stormshield Network Security
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
local | low complexity | stormshield CWE-306 | 6.1