Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-29	CVE-2022-29934	Missing Authentication for Critical Function vulnerability in USU Oracle Optimization 5.16.2 USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. local low complexity usu CWE-306	7.8
2022-04-28	CVE-2022-24935	Missing Authentication for Critical Function vulnerability in Lexmark Firmware Lexmark products through 2022-02-10 have Incorrect Access Control. network low complexity lexmark CWE-306	7.5
2022-04-28	CVE-2022-28719	Missing Authentication for Critical Function vulnerability in Hammock Assetview 9.2 Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege. network low complexity hammock CWE-306 critical	9.8
2022-04-27	CVE-2022-27332	Missing Authentication for Critical Function vulnerability in Zammad An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. network low complexity zammad CWE-306 critical	9.1
2022-04-25	CVE-2021-25094	Missing Authentication for Critical Function vulnerability in Brandexponents Tatsu The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. network high complexity brandexponents CWE-306	8.1
2022-04-19	CVE-2022-0992	Missing Authentication for Critical Function vulnerability in Siteground Security Optimizer The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. network low complexity siteground CWE-306 critical	9.8
2022-04-19	CVE-2022-0993	Missing Authentication for Critical Function vulnerability in Siteground Security The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. network low complexity siteground CWE-306 critical	9.8
2022-04-12	CVE-2022-0140	Missing Authentication for Critical Function vulnerability in Vfbpro Visual Form Builder The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. network low complexity vfbpro CWE-306	5.3
2022-04-12	CVE-2022-0878	Missing Authentication for Critical Function vulnerability in Combined Charging System Project Combined Charging System Firmware Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. low complexity combined-charging-system-project CWE-306	6.5
2022-04-11	CVE-2022-24829	Missing Authentication for Critical Function vulnerability in Garden Garden is an automation platform for Kubernetes development and testing. network low complexity garden CWE-306 critical	9.8