| 2024-06-13 | CVE-2024-5952 | Missing Authentication for Critical Function vulnerability in Deepseaelectronics Dse855 Firmware 1.1.0
Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. | 6.5 |
| 2024-06-13 | CVE-2024-38279 | Missing Authentication for Critical Function vulnerability in Motorola Vigilant Fixed LPR Coms BOX Firmware
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | 4.6 |
| 2024-06-11 | CVE-2024-2013 | Missing Authentication for Critical Function vulnerability in Hitachienergy Foxman-Un and Unem
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | 10.0 |
| 2024-06-06 | CVE-2024-22326 | Missing Authentication for Critical Function vulnerability in IBM Ds8900F Firmware
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. | 6.3 |
| 2024-06-06 | CVE-2024-37152 | Missing Authentication for Critical Function vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 7.5 |
| 2024-04-15 | CVE-2024-3777 | The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. network low complexity CWE-306 critical | 9.8 |
| 2024-04-09 | CVE-2023-1083 | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. network low complexity CWE-306 critical | 9.8 |
| 2024-03-12 | CVE-2024-25995 | An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function. network low complexity CWE-306 critical | 9.8 |
| 2024-02-15 | CVE-2024-26263 | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | 5.3 |
| 2024-02-14 | CVE-2024-23783 | Missing Authentication for Critical Function vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | 8.8 |