| 2024-11-20 | CVE-2024-11494 | **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method. | 7.5 |
| 2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0
A vulnerability was found in Apereo CAS 6.6. | 9.8 |
| 2024-11-07 | CVE-2024-10963 | A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. | 7.4 |
| 2024-11-05 | CVE-2023-29117 | Improper Authentication vulnerability in Enelx Waybox PRO Firmware
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | 8.8 |
| 2024-10-28 | CVE-2024-50478 | Improper Authentication vulnerability in Swoopnow 1-Click Login: Passwordless Authentication 1.4.5
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | 9.8 |
| 2024-10-23 | CVE-2024-9947 | Improper Authentication vulnerability in Properfraction Profilepress
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. | 9.8 |
| 2024-10-23 | CVE-2024-9927 | Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. | 7.2 |
| 2024-10-16 | CVE-2020-36832 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. network low complexity CWE-287 critical | 9.8 |
| 2024-10-04 | CVE-2024-43685 | Improper Authentication vulnerability in Microchip Timeprovider 4100 Firmware
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 9.8 |
| 2024-09-26 | CVE-2024-47125 | Improper Authentication vulnerability in Gotenna PRO
The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. | 5.4 |