Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-22 | CVE-2023-50714 | Improper Authentication vulnerability in Yiiframework Yii2-Authclient: yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. | 8.8 |
2023-12-22 | CVE-2023-49790 | Improper Authentication vulnerability in Nextcloud: The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. | 4.3 |
2023-12-22 | CVE-2023-51708 | Improper Authentication vulnerability in Bentley products: Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. | 8.6 |
2023-12-21 | CVE-2023-6847 | Improper Authentication vulnerability in Github Enterprise Server: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. | 7.5 |
2023-12-21 | CVE-2023-51442 | Improper Authentication vulnerability in Navidrome: Navidrome is an open source web-based music collection server and streamer. | 8.6 |
2023-12-20 | CVE-2023-6768 | Improper Authentication vulnerability in Mr-Corner Amazing Little Poll 1.3/1.4: Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. | 9.8 |
2023-12-20 | CVE-2023-37544 | Improper Authentication vulnerability in Apache Pulsar: Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.\*, from 2.9.0 through 2.9.\*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. | 7.5 |
2023-12-18 | CVE-2023-6483 | Improper Authentication vulnerability in Aditaas Allied Digital Integrated Tool-As-A-Service 5.1: The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. | 9.8 |
2023-12-18 | CVE-2023-6907 | Improper Authentication vulnerability in Codelyfe Stupid Simple CMS: A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. | 9.1 |
2023-12-13 | CVE-2023-49646 | Improper Authentication vulnerability in Zoom products: Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. | 6.5 |