CVE-2025-41651

Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise...

CVE-2025-48746

Netwrix Directory Manager formerly Imanami GroupID v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function...

CVE-2025-22252

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin...

CVE-2025-48746

Netwrix Directory Manager formerly Imanami GroupID v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function...

CVE-2025-48746

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and earlier, and post-v11.1.25134.03, lack authentication for a critical function. Root cause beyond “lack of authentication” is not detailed in the provided sources. CVSSv3.1 base score 6.5 (NETWORK, LOW confidentiality/integrity imp...

CVE-2024-43272

Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24...

CVE-2024-8530

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS...

CVE-2024-38643

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...

CVE-2023-22441

Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versio...

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVE-2023-37226

Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function...

CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

CVE-2023-23906

Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product...

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVE-2022-30313

Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...

The vulnerability of GRUB, a software solution for monitoring the status of industrial systems like B&R APROL, allows an intruder to influence the confidentiality, integrity, and accessibility of protected information.

The vulnerability of GRUB, a software solution for monitoring the status of B&R APROL industrial systems, lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder to influence the confidentiality, integrity, and accessibility of protecte...

CVE-2022-4018

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...

CVE-2022-3327

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...