Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2023-1477 Improper Authentication vulnerability in Hypr Keycloak Authenticator 8.0.0
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
network
low complexity
hypr CWE-287
8.8
2023-04-28 CVE-2023-28473 Improper Authentication vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3, are vulnerable to a possible auth bypass in the jobs section.
network
high complexity
concretecms CWE-287
3.3
2023-04-27 CVE-2023-2297 Improper Authentication vulnerability in Cozmoslabs Profile Builder
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0.
network
low complexity
cozmoslabs CWE-287
8.1
2023-04-26 CVE-2023-30845 Improper Authentication vulnerability in Google Espv2
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure.
network
low complexity
google CWE-287
critical
9.8
2023-04-25 CVE-2022-40723 Improper Authentication vulnerability in Pingidentity Pingfederate, Pingid Integration KIT and Radius PCV
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
network
low complexity
pingidentity CWE-287
6.5
2023-04-24 CVE-2023-25131 Improper Authentication vulnerability in Cyberpower Powerpanel 4.8.6
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions.
network
low complexity
cyberpower CWE-287
critical
9.8
2023-04-22 CVE-2023-0209 Improper Authentication vulnerability in Nvidia Sbios
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.
local
low complexity
nvidia CWE-287
7.8
2023-04-20 CVE-2023-25601 Improper Authentication vulnerability in Apache Dolphinscheduler
In versions 3.0.0 through 3.1.1, Apache DolphinScheduler's Python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication.
network
low complexity
apache CWE-287
4.3
2023-04-20 CVE-2023-27351 Improper Authentication vulnerability in Papercut MF and Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-287
7.5
2023-04-19 CVE-2023-22893 Improper Authentication vulnerability in Strapi
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication.
network
low complexity
strapi CWE-287
7.5