Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-11 | CVE-2022-37345 | Improper Authentication vulnerability in Intel products Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-11-10 | CVE-2022-38119 | Improper Authentication vulnerability in Upspowercom Upsmon PRO 2.57 UPSMON Pro login function has insufficient authentication. | 9.8 |
| 2022-11-10 | CVE-2022-39038 | Improper Authentication vulnerability in Flowring Agentflow 4.0.0.1183.552 Agentflow BPM enterprise management system has improper authentication. | 8.8 |
| 2022-11-09 | CVE-2022-39892 | Improper Authentication vulnerability in Samsung Pass Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. | 9.8 |
| 2022-11-09 | CVE-2022-44244 | Improper Authentication vulnerability in Lin-Cms Project Lin-Cms 0.2.1 An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | 6.6 |
| 2022-11-08 | CVE-2022-27510 | Improper Authentication vulnerability in Citrix Application Delivery Controller Firmware and Gateway Unauthorized access to Gateway user capabilities | 9.8 |
| 2022-11-04 | CVE-2022-39387 | Improper Authentication vulnerability in Xwiki Openid Connect XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. | 7.5 |
| 2022-11-01 | CVE-2022-2572 | Improper Authentication vulnerability in Octopus Server In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | 9.8 |
| 2022-10-31 | CVE-2022-39018 | Improper Authentication vulnerability in M-Files Hubshare 3.3.10.9 Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | 7.5 |
| 2022-10-28 | CVE-2022-41648 | Improper Authentication vulnerability in Heidenhain Heros and TNC 640 Programming Station The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. | 9.8 |