Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-1955 Improper Authentication vulnerability in Opft Session 1.13.0
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data.
low complexity
opft CWE-287
4.6
2022-06-30 CVE-2021-41506 Improper Authentication vulnerability in Xiongmaitech products
Xiongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 are affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
network
low complexity
xiongmaitech CWE-287
critical
9.8
2022-06-28 CVE-2022-29858 Improper Authentication vulnerability in Silverstripe Assets
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
network
low complexity
silverstripe CWE-287
4.3
2022-06-27 CVE-2022-33202 Improper Authentication vulnerability in Softcreate L2Blocker 4.8.5
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.
low complexity
softcreate CWE-287
8.1
2022-06-24 CVE-2022-29578 Improper Authentication vulnerability in Meridian 22.02/22.03
Meridian Cooperative Utility Software versions 22.02 and 22.03 allow remote attackers to obtain sensitive information such as name, address, and daily energy usage.
network
low complexity
meridian CWE-287
5.3
2022-06-24 CVE-2021-41638 Improper Authentication vulnerability in Melag FTP Server 2.2.0.4
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files using only a valid username.
network
low complexity
melag CWE-287
7.5
2022-06-23 CVE-2021-26638 Improper Authentication vulnerability in Xisnd S&D Smarthome 3.2.48
Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure.
network
low complexity
xisnd CWE-287
critical
9.8
2022-06-21 CVE-2022-29775 Improper Authentication vulnerability in Ispyconnect Ispy 7.2.2.0
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
network
low complexity
ispyconnect CWE-287
critical
9.8
2022-06-20 CVE-2022-1801 Improper Authentication vulnerability in Very Simple Contact Form Project Very Simple Contact Form
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
network
low complexity
very-simple-contact-form-project CWE-287
7.5
2022-06-17 CVE-2018-25043 Improper Authentication vulnerability in Bittorrent Utorrent
A vulnerability classified as critical was found in uTorrent.
network
low complexity
bittorrent CWE-287
8.8