Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-01-07 CVE-2023-7210 Improper Authentication vulnerability in Onenav
A vulnerability was found in OneNav up to 0.9.33.
network
low complexity
onenav CWE-287
critical
9.8
2024-01-07 CVE-2023-7211 Improper Authentication vulnerability in Uniwayinfo products
A vulnerability was found in Uniway Router 2.0.
network
high complexity
uniwayinfo CWE-287
8.1
2024-01-04 CVE-2024-20803 Improper Authentication vulnerability in Samsung Android 11.0/12.0
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
low complexity
samsung CWE-287
6.5
2024-01-02 CVE-2024-21632 Improper Authentication vulnerability in Recognizeapp Omniauth::Microsoftgraph
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API.
network
low complexity
recognizeapp CWE-287
critical
9.8
2023-12-29 CVE-2023-7079 Improper Authentication vulnerability in Cloudflare Wrangler
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network.
low complexity
cloudflare CWE-287
5.7
2023-12-29 CVE-2023-31292 Improper Authentication vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack.
local
low complexity
sesami CWE-287
5.5
2023-12-27 CVE-2023-40038 Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access.
low complexity
arris CWE-287
8.8
2023-12-27 CVE-2023-4641 Improper Authentication vulnerability in multiple products
A flaw was found in shadow-utils.
local
low complexity
shadow-maint redhat CWE-287
5.5
2023-12-26 CVE-2023-6155 Improper Authentication vulnerability in Ays-Pro Quiz Maker
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
network
low complexity
ays-pro CWE-287
5.3
2023-12-25 CVE-2022-34267 Improper Authentication vulnerability in RWS Worldserver
An issue was discovered in RWS WorldServer before 11.7.3.
network
low complexity
rws CWE-287
critical
9.8