Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2024-1039 Improper Authentication vulnerability in Gesslergmbh Web-Master Firmware 7.9
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard-coded credentials and, if exploited, could allow an attacker control over the web management of the device.
network
low complexity
gesslergmbh CWE-287
critical
9.8
2024-01-31 CVE-2024-23637 Improper Authentication vulnerability in Octoprint
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password.
network
low complexity
octoprint CWE-287
4.9
2024-01-30 CVE-2023-51982 Improper Authentication vulnerability in Cratedb 5.5.1
CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component.
network
low complexity
cratedb CWE-287
critical
9.8
2024-01-29 CVE-2024-23792 Improper Authentication vulnerability in Otrs
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user.
network
low complexity
otrs CWE-287
6.5
2024-01-26 CVE-2024-23629 Improper Authentication vulnerability in Motorola Mr2600 Firmware
An authentication bypass vulnerability exists in the web component of the Motorola MR2600.
network
low complexity
motorola CWE-287
7.5
2024-01-25 CVE-2024-0822 Improper Authentication vulnerability in Ovirt Ovirt-Engine
An authentication bypass vulnerability was found in ovirt-engine.
network
low complexity
ovirt CWE-287
7.5
2024-01-23 CVE-2023-50275 Improper Authentication vulnerability in HP Oneview
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
network
low complexity
hp CWE-287
7.5
2024-01-23 CVE-2024-23219 Improper Authentication vulnerability in Apple Ipados
The issue was addressed with improved authentication.
local
low complexity
apple CWE-287
6.2
2024-01-13 CVE-2023-46942 Improper Authentication vulnerability in Evershop 1.0.0
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
network
low complexity
evershop CWE-287
7.5
2024-01-12 CVE-2023-46805 Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
network
low complexity
ivanti CWE-287
8.2