VYPR

CWE-306

Missing Authentication for Critical Function

BaseDraftLikelihood: High

Description

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-166 · CAPEC-216 · CAPEC-36 · CAPEC-62

CVEs mapped to this weakness (964)

page 20 of 49
  • CVE-2025-23356HigOct 14, 2025
    risk 0.55cvss 8.4epss 0.00

    NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

  • CVE-2025-61928CriOct 9, 2025
    risk 0.55cvss epss 0.18

    Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ??…

  • CVE-2025-11130HigSep 29, 2025
    risk 0.55cvss 8.4epss 0.00

    A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed…

  • CVE-2025-10906HigSep 24, 2025
    risk 0.55cvss 8.4epss 0.00

    A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface.…

  • CVE-2025-30215CriApr 16, 2025
    risk 0.55cvss 9.6epss 0.01

    NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this…

  • CVE-2024-12957HigJan 23, 2025
    risk 0.55cvss epss 0.00

    A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

  • CVE-2024-6406HigSep 18, 2024
    risk 0.55cvss epss 0.00

    Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0.

  • CVE-2024-27169HigJun 14, 2024
    risk 0.55cvss 8.4epss 0.00

    Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL.

  • CVE-2017-8155HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.00

    The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the…

  • CVE-2026-49973CriJun 11, 2026
    risk 0.54cvss 9.4epss 0.01

    Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter to the settings API endpoint without any network origin restriction. Attackers on…

  • CVE-2026-45567HigJun 10, 2026
    risk 0.54cvss 8.3epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available…

  • CVE-2026-42569CriMay 9, 2026
    risk 0.54cvss 9.4epss 0.01

    phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6.

  • CVE-2025-13779HigMar 13, 2026
    risk 0.54cvss 8.3epss 0.00

    Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

  • CVE-2025-27256HigMar 10, 2025
    risk 0.54cvss 8.3epss 0.00

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack…

  • CVE-2024-47555HigOct 7, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authentication - User & System Configuration

  • CVE-2004-0213HigAug 6, 2004
    risk 0.54cvss 7.8epss 0.21

    Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly…

  • CVE-2026-36603HigJun 3, 2026
    risk 0.53cvss 8.1epss 0.00

    Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN…

  • CVE-2026-24088HigJun 1, 2026
    risk 0.53cvss 8.2epss 0.00

    Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

  • CVE-2026-44895CriMay 26, 2026
    risk 0.53cvss epss 0.00

    GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a…

  • CVE-2026-48692HigMay 26, 2026
    risk 0.53cvss 8.1epss 0.00

    FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the…