Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-02 | CVE-2024-35294 | An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials. | 6.5 |
2024-10-02 | CVE-2024-35293 | An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. | 9.1 |
2024-10-01 | CVE-2024-9289 | Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. | 9.8 |
2024-09-30 | CVE-2024-8456 | Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. | 9.8 |
2024-09-26 | CVE-2024-47130 | Missing Authentication for Critical Function vulnerability in Gotenna PRO The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. | 6.5 |
2024-09-26 | CVE-2024-7781 | Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. | 9.8 |
2024-09-26 | CVE-2023-52947 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. | 3.3 |
2024-09-26 | CVE-2023-52949 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.5 |
2024-09-18 | CVE-2022-25770 | Missing Authentication for Critical Function vulnerability in Acquia Mautic Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. | 7.5 |
2024-09-13 | CVE-2024-6582 | Missing Authentication for Critical Function vulnerability in Lunary A broken access control vulnerability exists in the latest version of lunary-ai/lunary. | 4.3 |