Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2023-29117 Improper Authentication vulnerability in Enelx Waybox PRO Firmware
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
low complexity
enelx CWE-287
8.8
2024-10-28 CVE-2024-50478 Improper Authentication vulnerability in Swoopnow 1-Click Login: Passwordless Authentication 1.4.5
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
network
low complexity
swoopnow CWE-287
critical
9.8
2024-10-23 CVE-2024-9947 Improper Authentication vulnerability in Properfraction Profilepress
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1.
network
low complexity
properfraction CWE-287
critical
9.8
2024-10-23 CVE-2024-9927 Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5.
network
low complexity
wpovernight CWE-287
7.2
2024-10-17 CVE-2024-9683 Improper Authentication vulnerability in Redhat Quay 3.0.0
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided.
network
low complexity
redhat CWE-287
5.3
2024-10-16 CVE-2020-36832 The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6.
network
low complexity
CWE-287
critical
9.8
2024-10-04 CVE-2024-43685 Improper Authentication vulnerability in Microchip Timeprovider 4100 Firmware
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
network
low complexity
microchip CWE-287
critical
9.8
2024-09-26 CVE-2024-47125 Improper Authentication vulnerability in Gotenna PRO
The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages.
low complexity
gotenna CWE-287
5.4
2024-09-26 CVE-2024-47127 Improper Authentication vulnerability in Gotenna PRO
In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks.
high complexity
gotenna CWE-287
3.1
2024-09-17 CVE-2024-8956 Improper Authentication vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue.
network
low complexity
ptzoptics CWE-287
critical
9.1