Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-08 | CVE-2020-3598 | Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. | 6.5 |
| 2020-10-07 | CVE-2020-26876 | Missing Authentication for Critical Function vulnerability in Wpcoursesplugin Wp-Courses 2.0.27 The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. | 7.5 |
| 2020-10-06 | CVE-2020-26599 | Missing Authentication for Critical Function vulnerability in Google Android 10.0 An issue was discovered on Samsung mobile devices with Q(10.0) software. | 5.3 |
| 2020-10-06 | CVE-2020-24217 | Missing Authentication for Critical Function vulnerability in multiple products An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. | 9.8 |
| 2020-10-05 | CVE-2020-6875 | Missing Authentication for Critical Function vulnerability in ZTE Zxone 19700 Snpe Firmware Zxone8700V1.40R2B13Snpe A ZTE product is impacted by the improper access control vulnerability. | 9.8 |
| 2020-10-05 | CVE-2020-26061 | Missing Authentication for Critical Function vulnerability in Clickstudios Passwordstate 8.3 ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. | 7.5 |
| 2020-10-02 | CVE-2020-12127 | Missing Authentication for Critical Function vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | 7.5 |
| 2020-10-01 | CVE-2020-9487 | Missing Authentication for Critical Function vulnerability in Apache Nifi In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. | 7.5 |
| 2020-09-30 | CVE-2020-19670 | Missing Authentication for Critical Function vulnerability in Niushop 1.11 In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. | 4.9 |
| 2020-09-30 | CVE-2020-12506 | Missing Authentication for Critical Function vulnerability in Wago products Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. | 9.1 |