Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-28 | CVE-2020-25966 | Missing Authentication for Critical Function vulnerability in Sectona Spectra 3.2.0 Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. | 7.5 |
| 2020-10-21 | CVE-2018-11764 | Missing Authentication for Critical Function vulnerability in Apache Hadoop 3.0.0 Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. | 8.8 |
| 2020-10-20 | CVE-2020-7370 | Missing Authentication for Critical Function vulnerability in Boltbrowser Bolt Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
| 2020-10-20 | CVE-2020-7369 | Missing Authentication for Critical Function vulnerability in Yandex Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
| 2020-10-14 | CVE-2020-25824 | Missing Authentication for Critical Function vulnerability in Telegram Desktop Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. | 2.4 |
| 2020-10-08 | CVE-2020-15243 | Missing Authentication for Critical Function vulnerability in Smartstore 4.0.0/4.0.1 Affected versions of Smartstore have a missing WebApi Authentication attribute. | 9.8 |
| 2020-10-08 | CVE-2020-26567 | Missing Authentication for Critical Function vulnerability in Dlink Dsr-250N Firmware An issue was discovered on D-Link DSR-250N before 3.17B devices. | 5.5 |
| 2020-10-08 | CVE-2020-3598 | Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. | 6.5 |
| 2020-10-07 | CVE-2020-26876 | Missing Authentication for Critical Function vulnerability in Wpcoursesplugin Wp-Courses 2.0.27 The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. | 7.5 |
| 2020-10-06 | CVE-2020-26599 | Missing Authentication for Critical Function vulnerability in Google Android 10.0 An issue was discovered on Samsung mobile devices with Q(10.0) software. | 5.3 |