Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2023-1617 | Improper Authentication vulnerability in Br-Automation VC4 Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. | 9.8 |
| 2023-04-12 | CVE-2023-28121 | Improper Authentication vulnerability in Automattic Woocommerce Payments and Woopayments An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. | 9.8 |
| 2023-04-07 | CVE-2023-23761 | Improper Authentication vulnerability in Github Enterprise Server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. | 5.3 |
| 2023-04-04 | CVE-2023-27091 | Improper Authentication vulnerability in Teacms Project Teacms 2.3.3 An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). | 7.2 |
| 2023-04-04 | CVE-2023-1752 | Improper Authentication vulnerability in Getnexx products The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. | 4.3 |
| 2023-04-04 | CVE-2021-28235 | Improper Authentication vulnerability in Etcd 3.4.10 Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | 9.8 |
| 2023-03-31 | CVE-2023-1784 | Improper Authentication vulnerability in Jeecg Boot 3.5.0 A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. | 9.8 |
| 2023-03-31 | CVE-2023-28862 | Improper Authentication vulnerability in Lemonldap-Ng Lemonldap::Ng An issue was discovered in LemonLDAP::NG before 2.16.1. | 9.8 |
| 2023-03-31 | CVE-2023-28727 | Improper Authentication vulnerability in Panasonic Aiseg2 Firmware 2.00J/2.80F/2.93A Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | 8.8 |
| 2023-03-30 | CVE-2023-27535 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 5.9 |