Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-17 | CVE-2024-9683 | Improper Authentication vulnerability in Redhat Quay 3.0.0 A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. | 5.3 |
| 2024-10-16 | CVE-2020-36832 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. | 9.8 |
| 2024-10-04 | CVE-2024-43685 | Improper Authentication vulnerability in Microchip Timeprovider 4100 Firmware Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 9.8 |
| 2024-09-26 | CVE-2024-47125 | Improper Authentication vulnerability in Gotenna PRO The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. | 5.4 |
| 2024-09-26 | CVE-2024-47127 | Improper Authentication vulnerability in Gotenna PRO In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. | 3.1 |
| 2024-09-17 | CVE-2024-8956 | Improper Authentication vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. | 9.1 |
| 2024-09-17 | CVE-2024-44202 | Improper Authentication vulnerability in Apple Iphone OS An authentication issue was addressed with improved state management. | 5.3 |
| 2024-09-13 | CVE-2024-45113 | Improper Authentication vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 7.5 |
| 2024-09-11 | CVE-2024-8642 | Improper Authentication vulnerability in Eclipse Dataspace Components In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. | 8.1 |
| 2024-09-06 | CVE-2023-45038 | Improper Authentication vulnerability in Qnap Music Station An improper authentication vulnerability has been reported to affect Music Station. | 8.8 |