Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-12-27 CVE-2023-40038 Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access.
low complexity
arris CWE-287
8.8
2023-12-27 CVE-2023-4641 Improper Authentication vulnerability in multiple products
A flaw was found in shadow-utils.
local
low complexity
shadow-maint redhat CWE-287
5.5
2023-12-26 CVE-2023-6155 Improper Authentication vulnerability in Ays-Pro Quiz Maker
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
network
low complexity
ays-pro CWE-287
5.3
2023-12-25 CVE-2022-34267 Improper Authentication vulnerability in RWS Worldserver
An issue was discovered in RWS WorldServer before 11.7.3.
network
low complexity
rws CWE-287
critical
9.8
2023-12-25 CVE-2023-31224 Improper Authentication vulnerability in Jamf
There is broken access control during authentication in Jamf Pro Server before 10.46.1.
network
low complexity
jamf CWE-287
critical
9.8
2023-12-22 CVE-2023-50714 Improper Authentication vulnerability in Yiiframework Yii2-Authclient
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0.
network
low complexity
yiiframework CWE-287
8.8
2023-12-22 CVE-2023-51708 Improper Authentication vulnerability in Bentley products
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure.
network
low complexity
bentley CWE-287
8.6
2023-12-21 CVE-2023-6847 Improper Authentication vulnerability in Github Enterprise Server
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request.
network
low complexity
github CWE-287
7.5
2023-12-18 CVE-2023-6483 Improper Authentication vulnerability in Aditaas Allied Digital Integrated Tool-As-A-Service 5.1
The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API.
network
low complexity
aditaas CWE-287
critical
9.8
2023-12-13 CVE-2023-49646 Improper Authentication vulnerability in Zoom products
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
network
low complexity
zoom CWE-287
6.5