Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-38279 Missing Authentication for Critical Function vulnerability in Motorola Vigilant Fixed LPR Coms BOX Firmware
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
low complexity
motorola CWE-306
4.6
2024-06-11 CVE-2024-2013 Missing Authentication for Critical Function vulnerability in Hitachienergy Foxman-Un and Unem
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
network
low complexity
hitachienergy CWE-306
critical
10.0
2024-06-06 CVE-2024-22326 Missing Authentication for Critical Function vulnerability in IBM Ds8900F Firmware
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.
network
low complexity
ibm CWE-306
6.3
2024-06-06 CVE-2024-37152 Missing Authentication for Critical Function vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-306
7.5
2024-03-15 CVE-2024-2450 Missing Authentication for Critical Function vulnerability in Mattermost Server
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.
network
low complexity
mattermost CWE-306
8.8
2024-02-18 CVE-2022-48621 Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei CWE-306
7.5
2024-02-14 CVE-2024-25618 Missing Authentication for Critical Function vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
high complexity
joinmastodon CWE-306
7.4
2024-02-14 CVE-2024-23783 Missing Authentication for Critical Function vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.
low complexity
sharp CWE-306
8.8
2024-02-06 CVE-2023-40545 Missing Authentication for Critical Function vulnerability in Pingidentity Pingfederate 11.3.0
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
network
low complexity
pingidentity CWE-306
critical
9.8
2024-02-06 CVE-2024-23917 Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
network
low complexity
jetbrains CWE-306
critical
9.8