Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-10-02 CVE-2024-35294 An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
network
low complexity
CWE-306
6.5
6.5
2024-10-02 CVE-2024-35293 An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
network
low complexity
CWE-306
critical
 9.1
9.1
2024-10-01 CVE-2024-9289 Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1.
network
low complexity
redefiningtheweb CWE-306
critical
 9.8
9.8
2024-09-30 CVE-2024-8456 Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
network
low complexity
planet CWE-306
critical
 9.8
9.8
2024-09-26 CVE-2024-47130 Missing Authentication for Critical Function vulnerability in Gotenna PRO
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages.
low complexity
gotenna CWE-306
6.5
6.5
2024-09-26 CVE-2024-7781 Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5.
network
low complexity
artbees CWE-306
critical
 9.8
9.8
2024-09-26 CVE-2023-52947 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors.
local
low complexity
synology CWE-306
3.3
3.3
2024-09-26 CVE-2023-52949 Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
local
low complexity
synology CWE-306
5.5
5.5
2024-09-18 CVE-2022-25770 Missing Authentication for Critical Function vulnerability in Acquia Mautic
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
network
low complexity
acquia CWE-306
7.5
7.5
2024-09-13 CVE-2024-6582 Missing Authentication for Critical Function vulnerability in Lunary
A broken access control vulnerability exists in the latest version of lunary-ai/lunary.
network
low complexity
lunary CWE-306
4.3
4.3