When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,355 vulnerabilities with CWE-287
CVE-2024-20738
CRITICAL
Adobe FrameMaker Publishing Server <2022.1 - Auth Bypass
CVSS 9.8
CVE-2024-25618
MEDIUM
Mastodon < 3.5.18 - Account Takeover via External Authentication Provider Email Matching
CVSS 4.2
CVE-2024-0568
HIGH
NFC Device Configuration - Auth Bypass
CVSS 8.8
CVE-2024-21410
CRITICAL
KEV
Microsoft Exchange Server - Elevation of Privilege via Improper Authentication
CVSS 9.8
CVE-2024-23813
HIGH
Polarion ALM < 2404.0 - Unauthenticated Remote Code Execution via REST API Endpoints
CVSS 7.3
CVE-2024-25313
HIGH
Code-projects Simple School Managment System 1.0 - Auth Bypass
CVSS 8.8
CVE-2024-25106
CRITICAL
OpenObserve < 0.8.0 - Authenticated Unauthorized User Removal via /api/{org_id}/users/{email_id} Endpoint
CVSS 9.1
CVE-2024-24830
CRITICAL
OpenObserve < 0.8.0 - Authenticated Privilege Escalation via User Creation Endpoint
CVSS 9.9
CVE-2024-24496
CRITICAL
Daily Habit Tracker 1.0 - Unauthenticated Tracker Manipulation via Home and Tracker Management Endpoints
CVSS 9.8
CVE-2024-22394
CRITICAL
SonicWall SonicOS <7.1.1-7040 - Auth Bypass
CVSS 9.8
CVE-2024-23806
MEDIUM
HID iCLASS SE Reader Configuration Cards Firmware - Unauthenticated Sensitive Data Exposure
CVSS 5.3
CVE-2024-24771
HIGH
Open Forms <2.2.9-2.5.2 - Auth Bypass
CVSS 7.7
CVE-2024-24592
CRITICAL
Allegro AI's ClearML - Info Disclosure
CVSS 9.8
CVE-2024-20816
HIGH
Auto Hotspot <SMR Feb-2024 Release 1 - Auth Bypass
CVSS 8.0
CVE-2024-20815
HIGH
Auto Hotspot <SMR Feb-2024 Release 1 - Privilege Escalation
CVSS 8.0
CVE-2024-1039
CRITICAL
Gessler GmbH WEB-MASTER Firmware - Improper Authentication via Hardcoded Credentials
CVSS 9.8
CVE-2024-23637
MEDIUM
OctoPrint <= 1.9.3 - Unverified Password Change
CVSS 4.2
CVE-2024-23647
MEDIUM
authentik <2023.8.7 and 2023.10.0-2023.10.7 - PKCE Downgrade Authentication Bypass via Code Challenge Removal
CVSS 6.5
CVE-2024-1006
HIGH
Shanxi Diankeyun Technology NODERP < 6.0.2 - Improper Authentication via Cookie Handler
CVSS 7.3
CVE-2024-23792
MEDIUM
OTRS 7.0.0-7.0.48 8.0.0-8.0.37 2023.0-2023.1.1 - Authenticated User Impersonation via Ticket Comment Attachment
CVSS 5.3
CVE-2024-0988
MEDIUM
Sichuan Yougou Technology KuERP <1.0.4 - Auth Bypass
CVSS 6.3
CVE-2024-23629
CRITICAL
Motorola MR2600 Firmware - Authentication Bypass via Web Component
CVSS 9.6
CVE-2024-0822
HIGH
ovirt-engine - Unauthenticated User Creation via CreateUserSession Command
CVSS 7.5
CVE-2024-0879
MEDIUM
vector_admin < 2024-01-23 - Authentication Bypass via Domain Restriction Filter
CVSS 6.5
CVE-2024-23219
MEDIUM
iPadOS < 17.3 - Improper Authentication
CVSS 6.2
Details
Vulnerabilities: 4,355
Exploit Likelihood: High