CVE-2024-50375

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote unauthenticated users capable of interacting...

CVE-2024-31218

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

CVE-2024-35293

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

CVE-2025-0355

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3...

PT-2025-3848 · Nec · Aterm Wf1200Cr +7

Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier NEC Corporation Aterm WF1200CRS versions 1.6.0 and earlier NEC Corporation Aterm WG1200CRS versions 1.5.0 and earlier NEC Corporation Aterm GB1200PE versions 1.3.0 and earlier NEC...

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability

Talos Vulnerability Report TALOS-2024-2036 Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39608 SUMMARY A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...

The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of Veeam Backup & Replication’s protection tools for cloud, virtual, and physical systems stems from the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileges...

Missing Authentication For Critical Function

Synapse is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to improper access control, allowing unauthenticated remote participants to trigger downloads and caching of remote media, making it accessible from the local media repository without authentication...

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

PoC Authentication Bypass MFA Really Simple Security WordPress...

The vulnerability of the monitoring and policy auditing software Azure PolicyWatch on the Microsoft Azure cloud platform lies in the lack of authenticity verification for a critical function, allowing attackers to escalate their privileges.

The vulnerability of the Azure PolicyWatch monitoring and policy auditing software on the Microsoft Azure cloud platform is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileg...

Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...

CVE-2019-17082

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control...

CVE-2024-38643

CVE-2024-38643 affects QNAP Notes Station 3. The issue is a missing authentication for a critical function, allowing remote attackers to gain access to and execute certain functions. The vulnerability is documented with a high impact and network-based attack vector (CVSS 3.1/4.0 metrics indicate ...

CVE-2024-38643 Notes Station 3

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

For more PoC details, see: https://pc.fenchuan8.com//index?fo...

PT-2024-8761 · Myscada · Myscada Mypro Manager +1

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions affected versions not specified mySCADA myPRO Manager versions affected versions not specified Description: The issue is related to a lack of authentication for a critical function used in the operating system command...

CVE-2024-52438

Missing Authentication for Critical Function vulnerability in deco.agency de:branding debranding allows Privilege Escalation.This issue affects de:branding: from n/a through = 1.0.2...

CVE-2024-52437

Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through = 1.0.0...