Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2022-4874 | Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | 7.5 |
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
| 2023-01-07 | CVE-2022-1101 | Improper Authentication vulnerability in Event Management System Project Event Management System 1.0 A vulnerability was found in SourceCodester Royale Event Management System 1.0. | 9.8 |
| 2023-01-05 | CVE-2021-40342 | Improper Authentication vulnerability in Hitachienergy Foxman-Un and Unem In the DES implementation, the affected product versions use a default key for encryption. | 9.8 |
| 2022-12-31 | CVE-2022-48195 | Improper Authentication vulnerability in Mellium Sasl 0.3.0 An issue was discovered in Mellium mellium.im/sasl before 0.3.1. | 9.8 |
| 2022-12-30 | CVE-2022-4861 | Improper Authentication vulnerability in M-Files Client Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource. | 4.9 |
| 2022-12-28 | CVE-2022-41579 | Improper Authentication vulnerability in Huawei Hota-Fara-B19 Firmware 11.1.2.40 There is an insufficient authentication vulnerability in some Huawei band products. | 6.5 |
| 2022-12-28 | CVE-2022-23555 | Improper Authentication vulnerability in Goauthentik Authentik authentik is an open-source Identity Provider focused on flexibility and versatility. | 8.8 |
| 2022-12-27 | CVE-2020-36569 | Improper Authentication vulnerability in Digitalocean Golang-Nanoauth Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token. | 9.1 |
| 2022-12-27 | CVE-2022-3156 | Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate 20.011/33.00 A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | 7.8 |