Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-12264 The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3.
network
low complexity
CWE-287
critical
9.8
2024-12-18 CVE-2024-12287 The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2.
network
low complexity
CWE-287
critical
9.8
2024-12-12 CVE-2024-10111 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3.
network
high complexity
CWE-287
8.1
2024-12-12 CVE-2024-11015 The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0.
network
low complexity
CWE-287
critical
9.8
2024-12-11 CVE-2024-47761 Improper Authentication vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-287
7.2
2024-11-26 CVE-2016-10394 Improper Authentication vulnerability in Qualcomm products
Initial xbl_sec revision does not have all the debug policy features and critical checks.
local
low complexity
qualcomm CWE-287
7.8
2024-11-26 CVE-2018-11952 Improper Authentication vulnerability in Qualcomm products
An image with a version lower than the fuse version may potentially be booted lead to improper authentication.
local
low complexity
qualcomm CWE-287
7.8
2024-11-14 CVE-2024-11209 Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0
A vulnerability was found in Apereo CAS 6.6.
network
low complexity
apereo CWE-287
critical
9.8
2024-11-05 CVE-2023-29117 Improper Authentication vulnerability in Enelx Waybox PRO Firmware
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
low complexity
enelx CWE-287
8.8
2024-10-28 CVE-2024-50478 Improper Authentication vulnerability in Swoopnow 1-Click Login: Passwordless Authentication 1.4.5
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
network
low complexity
swoopnow CWE-287
critical
9.8