Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0 A vulnerability was found in Apereo CAS 6.6. | 9.8 |
| 2024-11-05 | CVE-2023-29117 | Improper Authentication vulnerability in Enelx Waybox PRO Firmware Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | 8.8 |
| 2024-10-28 | CVE-2024-50478 | Improper Authentication vulnerability in Swoopnow 1-Click Login: Passwordless Authentication 1.4.5 Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | 9.8 |
| 2024-10-23 | CVE-2024-9947 | Improper Authentication vulnerability in Properfraction Profilepress The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. | 9.8 |
| 2024-10-23 | CVE-2024-9927 | Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. | 7.2 |
| 2024-10-17 | CVE-2024-9683 | Improper Authentication vulnerability in Redhat Quay 3.0.0 A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. | 5.3 |
| 2024-10-16 | CVE-2020-36832 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. | 9.8 |
| 2024-10-04 | CVE-2024-43685 | Improper Authentication vulnerability in Microchip Timeprovider 4100 Firmware Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 9.8 |
| 2024-09-26 | CVE-2024-47125 | Improper Authentication vulnerability in Gotenna PRO The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. | 5.4 |
| 2024-09-26 | CVE-2024-47127 | Improper Authentication vulnerability in Gotenna PRO In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. | 3.1 |