VYPR

CWE-306

Missing Authentication for Critical Function

BaseDraftLikelihood: High

Description

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-166 · CAPEC-216 · CAPEC-36 · CAPEC-62

CVEs mapped to this weakness (964)

page 15 of 49
  • CVE-2025-44005CriDec 17, 2025
    risk 0.58cvss 10.0epss 0.03

    An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.

  • CVE-2013-10046HigAug 1, 2025
    risk 0.58cvss epss 0.00

    A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated…

  • CVE-2016-15045HigJul 23, 2025
    risk 0.58cvss epss 0.00

    A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user…

  • CVE-2025-1701HigJun 4, 2025
    risk 0.58cvss epss 0.01

    CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only…

  • CVE-2024-56799CriDec 30, 2024
    risk 0.58cvss 10.0epss 0.01

    Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.

  • CVE-2017-5637HigOct 10, 2017
    risk 0.58cvss 7.5epss 0.74

    Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue,…

  • CVE-2026-0647HigJun 16, 2026
    risk 0.57cvss epss 0.00

    An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any…

  • CVE-2026-42074CriJun 2, 2026
    risk 0.57cvss 9.8epss 0.01

    OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own…

  • CVE-2026-44649CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik)…

  • CVE-2026-5768HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping…

  • CVE-2026-49195HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

  • CVE-2026-46827HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2026-46826HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle…

  • CVE-2026-45044HigMay 28, 2026
    risk 0.57cvss epss 0.00

    RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials.…

  • CVE-2026-8697HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.01

    Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. …

  • CVE-2026-45083CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.00

    The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and…

  • CVE-2026-44830HigMay 27, 2026
    risk 0.57cvss epss 0.00

    Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and…

  • CVE-2026-44668CriMay 26, 2026
    risk 0.57cvss 9.8epss 0.00

    FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking for a valid session. Four action methods in…

  • CVE-2026-42289HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when…

  • CVE-2026-5029HigMay 12, 2026
    risk 0.57cvss epss 0.00

    A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply…