Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-44244 Improper Authentication vulnerability in Lin-Cms Project Lin-Cms 0.2.1
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
network
high complexity
lin-cms-project CWE-287
6.6
2022-11-08 CVE-2022-27510 Improper Authentication vulnerability in Citrix Application Delivery Controller Firmware and Gateway
Unauthorized access to Gateway user capabilities
network
low complexity
citrix CWE-287
critical
9.8
2022-11-04 CVE-2022-39387 Improper Authentication vulnerability in Xwiki Openid Connect
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki.
network
low complexity
xwiki CWE-287
7.5
2022-11-01 CVE-2022-2572 Improper Authentication vulnerability in Octopus Server
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
network
low complexity
octopus CWE-287
critical
9.8
2022-10-31 CVE-2022-39018 Improper Authentication vulnerability in M-Files Hubshare 3.3.10.9
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allow unauthenticated attackers to access restricted PDF files via a known URL.
network
low complexity
m-files CWE-287
7.5
2022-10-28 CVE-2022-41648 Improper Authentication vulnerability in Heidenhain Heros and TNC 640 Programming Station
The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line.
network
low complexity
heidenhain CWE-287
critical
9.8
2022-10-27 CVE-2022-38744 Improper Authentication vulnerability in Rockwellautomation Factorytalk Alarms and Events
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable.
network
low complexity
rockwellautomation CWE-287
7.5
2022-10-26 CVE-2022-40703 Improper Authentication vulnerability in Alivecor Kardia 5.17.1754993421
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
low complexity
alivecor CWE-287
6.1
2022-10-26 CVE-2022-39355 Improper Authentication vulnerability in Discourse Patreon
Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards.
network
low complexity
discourse CWE-287
critical
9.8
2022-10-26 CVE-2022-39360 Improper Authentication vulnerability in Metabase
Metabase is data visualization software.
network
low complexity
metabase CWE-287
6.5