Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2021-11-29 CVE-2021-44077 Missing Authentication for Critical Function vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
network
low complexity
zohocorp CWE-306
critical
 9.8
9.8
2021-11-23 CVE-2021-42783 Missing Authentication for Critical Function vulnerability in Dlink Dwr-932C E1 Firmware
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2021-11-01 CVE-2021-20136 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.3
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite.
network
low complexity
zohocorp CWE-306
critical
 9.8
9.8
2021-10-31 CVE-2021-33259 Missing Authentication for Critical Function vulnerability in D-Link Dir-868Lw Firmware 1.12B
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
network
low complexity
d-link CWE-306
5.3
5.3
2021-10-25 CVE-2021-37624 Missing Authentication for Critical Function vulnerability in Freeswitch
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware.
network
low complexity
freeswitch CWE-306
7.5
7.5
2021-10-22 CVE-2021-38457 Missing Authentication for Critical Function vulnerability in Auvesy Versiondog
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.
network
low complexity
auvesy CWE-306
critical
 9.8
9.8
2021-10-08 CVE-2021-41568 Missing Authentication for Critical Function vulnerability in TAD web Project TAD web 1.76
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.
network
low complexity
tad-web-project CWE-306
6.5
6.5
2021-10-08 CVE-2021-41974 Missing Authentication for Critical Function vulnerability in TAD Book3 Project TAD Book3
Tad Book3 editing book page does not perform identity verification.
network
low complexity
tad-book3-project CWE-306
critical
 9.1
9.1
2021-10-08 CVE-2021-41975 Missing Authentication for Critical Function vulnerability in Tadtools Project Tadtools
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.
network
low complexity
tadtools-project CWE-306
critical
 9.1
9.1
2021-10-08 CVE-2021-41976 Missing Authentication for Critical Function vulnerability in TAD Uploader Project TAD Uploader 3.5.3
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.
network
low complexity
tad-uploader-project CWE-306
5.3
5.3