Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-01-13 CVE-2023-46942 Improper Authentication vulnerability in Evershop 1.0.0
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
network
low complexity
evershop CWE-287
7.5
2024-01-12 CVE-2024-21654 Improper Authentication vulnerability in Rubygems Rubygems.Org 20230814
Rubygems.org is the Ruby community's gem hosting service.
network
low complexity
rubygems CWE-287
critical
9.8
2024-01-12 CVE-2023-46805 Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
network
low complexity
ivanti CWE-287
8.2
2024-01-12 CVE-2023-49262 Improper Authentication vulnerability in Hongdian H8951-4G-Esp Firmware
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.
network
low complexity
hongdian CWE-287
critical
9.8
2024-01-12 CVE-2023-50919 Improper Authentication vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before version 4.5.0.
network
low complexity
gl-inet CWE-287
critical
9.8
2024-01-11 CVE-2023-50127 Improper Authentication vulnerability in Hozard Alarm System 1.0
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication.
network
high complexity
hozard CWE-287
5.9
2024-01-10 CVE-2024-21638 Improper Authentication vulnerability in Microsoft Azure Ipam
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively.
network
low complexity
microsoft CWE-287
critical
9.8
2024-01-10 CVE-2023-48257 Improper Authentication vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device.
network
low complexity
bosch CWE-287
8.8
2024-01-09 CVE-2023-5376 Improper Authentication vulnerability in Korenix products
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
network
low complexity
korenix CWE-287
critical
9.1
2024-01-09 CVE-2023-51717 Improper Authentication vulnerability in Dataiku Data Science Studio
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
network
low complexity
dataiku CWE-287
critical
9.8