Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-7745 Improper Authentication vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
network
low complexity
progress CWE-287
8.1
2024-08-27 CVE-2024-8181 Improper Authentication vulnerability in Flowiseai Flowise 1.8.2
An Authentication Bypass vulnerability exists in Flowise version 1.8.2.
network
low complexity
flowiseai CWE-287
8.1
2024-08-26 CVE-2024-7401 Improper Authentication vulnerability in Netskope
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter.
network
low complexity
netskope CWE-287
7.5
2024-08-20 CVE-2024-43409 Improper Authentication vulnerability in Ghost
Ghost is a Node.js content management system.
network
low complexity
ghost CWE-287
6.5
2024-08-20 CVE-2024-42336 Improper Authentication vulnerability in Servision IVG Webmax 1.0.57
Servision - CWE-287: Improper Authentication
network
low complexity
servision CWE-287
critical
9.8
2024-08-16 CVE-2024-42462 Improper Authentication vulnerability in Upkeeper Manager
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.
network
low complexity
upkeeper CWE-287
critical
9.8
2024-08-15 CVE-2024-31800 Improper Authentication vulnerability in Gncchome Gncc C2 Firmware
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
low complexity
gncchome CWE-287
6.8
2024-08-14 CVE-2024-25157 Improper Authentication vulnerability in Fortra Goanywhere Managed File Transfer
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages.
network
low complexity
fortra CWE-287
6.5
2024-08-14 CVE-2024-37028 Improper Authentication vulnerability in F5 Big-Ip Next Central Manager
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-287
5.3
2024-08-13 CVE-2024-7593 Improper Authentication vulnerability in Ivanti Virtual Traffic Management
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
network
low complexity
ivanti CWE-287
critical
9.8