Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-42458 Improper Authentication vulnerability in Shift-Tech Bingo!Cms
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file.
network
low complexity
shift-tech CWE-287
critical
9.8
2022-12-07 CVE-2022-44620 Improper Authentication vulnerability in Unimo products
Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
network
low complexity
unimo CWE-287
8.8
2022-12-06 CVE-2022-35843 Improper Authentication vulnerability in Fortinet Fortios and Fortiproxy
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.
network
low complexity
fortinet CWE-287
critical
9.8
2022-12-06 CVE-2022-38336 Improper Authentication vulnerability in Mobatek Mobaxterm
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.
network
high complexity
mobatek CWE-287
8.1
2022-12-05 CVE-2022-40242 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
9.8
2022-12-05 CVE-2022-40259 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
9.8
2022-12-05 CVE-2022-43549 Improper Authentication vulnerability in Veeam Backup for Google Cloud 1.0/3.0
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
network
low complexity
veeam CWE-287
critical
9.8
2022-12-05 CVE-2022-43557 Improper Authentication vulnerability in BD products
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface.
high complexity
bd CWE-287
5.3
2022-12-05 CVE-2022-43504 Improper Authentication vulnerability in Wordpress
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.
network
low complexity
wordpress CWE-287
5.3
2022-12-04 CVE-2022-46411 Improper Authentication vulnerability in Veritas Access Appliance and Netbackup Flex Scale Appliance
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100.
network
low complexity
veritas CWE-287
8.8