Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |
| 2023-04-18 | CVE-2021-40506 | Improper Authentication vulnerability in Openrisc Or1200 Firmware An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. | 9.8 |
| 2023-04-18 | CVE-2021-40507 | Improper Authentication vulnerability in Openrisc Or1200 Firmware An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. | 9.8 |
| 2023-04-15 | CVE-2023-2027 | Improper Authentication vulnerability in ZM Ajax Login & Register Project ZM Ajax Login & Register The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. | 9.8 |
| 2023-04-14 | CVE-2023-25597 | Improper Authentication vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. | 5.9 |
| 2023-04-14 | CVE-2022-45173 | Improper Authentication vulnerability in Liveboxcloud Vdesk 018 An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 9.8 |
| 2023-04-14 | CVE-2022-45174 | Improper Authentication vulnerability in Liveboxcloud Vdesk 018 An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 9.8 |
| 2023-04-14 | CVE-2023-1617 | Improper Authentication vulnerability in Br-Automation VC4 Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. | 9.8 |
| 2023-04-12 | CVE-2023-28121 | Improper Authentication vulnerability in Automattic Woocommerce Payments and Woopayments An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. | 9.8 |
| 2023-04-07 | CVE-2023-23761 | Improper Authentication vulnerability in Github Enterprise Server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. | 5.3 |