Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2025-02-04 CVE-2025-0890 **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
network
low complexity
CWE-287
critical
9.8
2025-01-08 CVE-2023-52955 Improper Authentication vulnerability in Huawei Emui and Harmonyos
Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
network
low complexity
huawei CWE-287
7.5
2025-01-08 CVE-2024-56445 Improper Authentication vulnerability in Huawei Harmonyos 5.0.0
Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
network
low complexity
huawei CWE-287
5.3
2025-01-07 CVE-2024-12264 The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3.
network
low complexity
CWE-287
critical
9.8
2024-12-18 CVE-2024-12287 The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2.
network
low complexity
CWE-287
critical
9.8
2024-12-12 CVE-2024-10111 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3.
network
high complexity
CWE-287
8.1
2024-12-12 CVE-2024-11015 The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0.
network
low complexity
CWE-287
critical
9.8
2024-12-11 CVE-2024-47761 Improper Authentication vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-287
7.2
2024-11-26 CVE-2016-10394 Improper Authentication vulnerability in Qualcomm products
Initial xbl_sec revision does not have all the debug policy features and critical checks.
local
low complexity
qualcomm CWE-287
7.8
2024-11-26 CVE-2018-11952 Improper Authentication vulnerability in Qualcomm products
An image with a version lower than the fuse version may potentially be booted lead to improper authentication.
local
low complexity
qualcomm CWE-287
7.8