Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-8456 Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
network
low complexity
planet CWE-306
critical
 9.8
9.8
2024-09-26 CVE-2024-47130 Missing Authentication for Critical Function vulnerability in Gotenna PRO
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages.
low complexity
gotenna CWE-306
6.5
6.5
2024-09-26 CVE-2024-7781 Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5.
network
low complexity
artbees CWE-306
critical
 9.8
9.8
2024-09-26 CVE-2023-52947 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors.
local
low complexity
synology CWE-306
3.3
3.3
2024-09-26 CVE-2023-52949 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
local
low complexity
synology CWE-306
5.5
5.5
2024-09-13 CVE-2024-6582 Missing Authentication for Critical Function vulnerability in Lunary
A broken access control vulnerability exists in the latest version of lunary-ai/lunary.
network
low complexity
lunary CWE-306
4.3
4.3
2024-09-11 CVE-2024-8277 Missing Authentication for Critical Function vulnerability in Villatheme Woocommerce Photo Reviews
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2.
network
low complexity
villatheme CWE-306
critical
 9.8
9.8
2024-09-10 CVE-2024-8012 Missing Authentication for Critical Function vulnerability in Ivanti Workspace Control
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-306
7.8
7.8
2024-09-10 CVE-2024-8320 Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
network
low complexity
ivanti CWE-306
5.3
5.3
2024-09-10 CVE-2024-8321 Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
network
low complexity
ivanti CWE-306
8.6
8.6