Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-5376 | Improper Authentication vulnerability in Korenix products An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | 9.1 |
| 2024-01-09 | CVE-2023-51717 | Improper Authentication vulnerability in Dataiku Data Science Studio Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. | 9.8 |
| 2024-01-07 | CVE-2023-7211 | Improper Authentication vulnerability in Uniwayinfo products A vulnerability was found in Uniway Router 2.0. | 8.1 |
| 2024-01-04 | CVE-2024-20803 | Improper Authentication vulnerability in Samsung Android 11.0/12.0 Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. | 6.5 |
| 2023-12-29 | CVE-2023-7079 | Improper Authentication vulnerability in Cloudflare Wrangler Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. | 5.7 |
| 2023-12-29 | CVE-2023-31292 | Improper Authentication vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. | 5.5 |
| 2023-12-27 | CVE-2023-40038 | Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. | 8.8 |
| 2023-12-27 | CVE-2023-4641 | Improper Authentication vulnerability in multiple products A flaw was found in shadow-utils. | 5.5 |
| 2023-12-26 | CVE-2023-6155 | Improper Authentication vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | 5.3 |
| 2023-12-25 | CVE-2022-34267 | Improper Authentication vulnerability in RWS Worldserver An issue was discovered in RWS WorldServer before 11.7.3. | 9.8 |