Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-09 | CVE-2019-15895 | Missing Authentication for Critical Function vulnerability in Search Exclude Project Search Exclude search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. | 7.5 |
| 2019-09-09 | CVE-2019-10668 | Missing Authentication for Critical Function vulnerability in Librenms An issue was discovered in LibreNMS through 1.47. | 9.1 |
| 2019-09-06 | CVE-2019-15102 | Missing Authentication for Critical Function vulnerability in Sahipro Sahi PRO An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. | 9.8 |
| 2019-09-03 | CVE-2019-15043 | Missing Authentication for Critical Function vulnerability in Grafana In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. | 7.5 |
| 2019-09-03 | CVE-2019-15858 | Missing Authentication for Critical Function vulnerability in Webcraftic Woody AD Snippets admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. | 8.8 |
| 2019-08-30 | CVE-2019-15819 | Missing Authentication for Critical Function vulnerability in Restaurant Reservations Project Restaurant Reservations The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. | 9.8 |
| 2019-08-29 | CVE-2019-13406 | Missing Authentication for Critical Function vulnerability in Androvideo VD 1 Firmware 230 A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. | 7.5 |
| 2019-08-29 | CVE-2019-13405 | Missing Authentication for Critical Function vulnerability in Androvideo VD 1 Firmware 230 A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. | 9.8 |
| 2019-08-29 | CVE-2019-11063 | Missing Authentication for Critical Function vulnerability in Asus Smarthome A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. | 8.8 |
| 2019-08-29 | CVE-2019-11061 | Missing Authentication for Critical Function vulnerability in Asus Hg100 Firmware 1.05.12/4.00.06 A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. | 8.1 |