Lucene search
+L

48 matches found

RedhatCVE
RedhatCVE
added 2025/08/22 4:35 p.m.8 views

CVE-2025-8611

AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...

9.8CVSS8.6AI score0.00774EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/13 6:29 p.m.9 views

CVE-2025-53191

Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before 3.08.04-s01...

8.4CVSS7.3AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/08 9:16 a.m.20 views

CVE-2025-5192

A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions...

9.3CVSS7AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:4 a.m.14 views

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

8.8CVSS7.1AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/27 5:8 a.m.14 views

CVE-2024-45483

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...

7CVSS7.1AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/18 11:3 a.m.13 views

CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...

9.1CVSS8AI score0.0056EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/05 12:2 a.m.19 views

CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...

9.8CVSS0.00522EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.7 views

The vulnerability of Microsoft Bing’s search system, related to the lack of authentication for a critical function, allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Bing’s search system is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.6CVSS8.4AI score0.01632EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/14 2:42 p.m.7 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

7.5CVSS7.5AI score0.00539EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.30 views

CVE-2025-26363

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests...

7.5CVSS0.00539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:43 a.m.8 views

CVE-2024-50375

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote unauthenticated users capable of interacting...

9.8CVSS7.5AI score0.01026EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/04 10:13 p.m.6 views

CVE-2024-35293

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

9.1CVSS7.5AI score0.00625EPSS
Exploits0References1
CVE
CVE
added 2024/10/11 1:55 p.m.40 views

CVE-2024-8530

Schneider Electric Data Center Expert suffers a Missing Authentication for Critical Function (CWE-306) vulnerability that could disclose private data when a pre-generated logcaptures archive is accessed via HTTPS. Affected: Data Center Expert (versions up to 8.1.1.3 and prior). Root cause: lack o...

5.9CVSS5.9AI score0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/26 3:0 p.m.27 views

CVE-2024-32764 myQNAPcloud Link

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

9.9CVSS9.7AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2024/04/12 4:15 p.m.5 views

CVE-2024-30391

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device...

6.3CVSS5.9AI score0.00438EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/12 3:25 p.m.14 views

CVE-2024-30391 Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device...

6.3CVSS7.3AI score0.00438EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/13 12:0 a.m.36 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...

5.3CVSS7.8AI score0.94205EPSS
In wildExploits4
Prion
Prion
added 2023/09/14 9:15 a.m.14 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...

4.3CVSS7.5AI score0.00173EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/31 4:15 p.m.26 views

Authentication flaw

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

6.8CVSS8.8AI score0.00454EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/17 8:15 p.m.43 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

5.3CVSS6.4AI score0.84692EPSS
In wildExploits2References3Affected Software1
Rows per page
Query Builder