Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-01-11 CVE-2022-4874 Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content.
network
low complexity
netcommwireless CWE-287
7.5
2023-01-10 CVE-2022-35401 Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230.
network
high complexity
asus CWE-287
8.1
2023-01-07 CVE-2022-1101 Improper Authentication vulnerability in Event Management System Project Event Management System 1.0
A vulnerability was found in SourceCodester Royale Event Management System 1.0.
network
low complexity
event-management-system-project CWE-287
critical
9.8
2023-01-05 CVE-2021-40342 Improper Authentication vulnerability in Hitachienergy Foxman-Un and Unem
In the DES implementation, the affected product versions use a default key for encryption.
network
low complexity
hitachienergy CWE-287
critical
9.8
2022-12-31 CVE-2022-48195 Improper Authentication vulnerability in Mellium Sasl 0.3.0
An issue was discovered in Mellium mellium.im/sasl before 0.3.1.
network
low complexity
mellium CWE-287
critical
9.8
2022-12-30 CVE-2022-4861 Improper Authentication vulnerability in M-Files Client
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
network
low complexity
m-files CWE-287
4.9
2022-12-28 CVE-2022-41579 Improper Authentication vulnerability in Huawei Hota-Fara-B19 Firmware 11.1.2.40
There is an insufficient authentication vulnerability in some Huawei band products.
network
low complexity
huawei CWE-287
6.5
2022-12-28 CVE-2022-23555 Improper Authentication vulnerability in Goauthentik Authentik
authentik is an open-source Identity Provider focused on flexibility and versatility.
network
low complexity
goauthentik CWE-287
8.8
2022-12-27 CVE-2020-36569 Improper Authentication vulnerability in Digitalocean Golang-Nanoauth
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
network
low complexity
digitalocean CWE-287
critical
9.1
2022-12-27 CVE-2022-3156 Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate 20.011/33.00
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.  Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
local
low complexity
rockwellautomation CWE-287
7.8