When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,357 vulnerabilities with CWE-287
CVE-2023-5970
HIGH
SonicWall SMA 200/210/400/410/500v <10.2.1.9-57sv Authenticated MFA Bypass via Username Spoofing
CVSS 8.8
CVE-2023-47304
HIGH
Vonage VDV23 Firmware VDV21-3.2.11-0.5.1 - Unauthenticated Memory Read/Write via UART
CVSS 7.8
CVE-2023-42576
MEDIUM
Samsung Pass < 4.3.00.17 - Authentication Bypass via Invalid Exception Handler
CVSS 5.4
CVE-2023-33070
HIGH
Qualcomm AQT1000 Firmware - Denial of Service via Secure IO Calls
CVSS 7.1
CVE-2023-33054
CRITICAL
Qualcomm 315 5G IoT Modem Firmware - Improper Authentication in GPS HLOS Driver
CVSS 9.1
CVE-2023-5808
HIGH
Hitachi Vantara NAS SMU < 14.8.7825.01 - Authenticated Information Disclosure via URL Manipulation
CVSS 7.6
CVE-2023-44302
HIGH
Dell PowerProtect Data Manager DM5500 Firmware < 5.14.0.0 - Unauthenticated Improper Authentication
CVSS 8.1
CVE-2023-6354
MEDIUM
Tyler Technologies Court Case Management Plus - Unauthenticated Arbitrary File Upload/Deletion via PDFViewer.aspx
CVSS 5.3
CVE-2023-6353
MEDIUM
Tyler Technologies - Info Disclosure
CVSS 5.3
CVE-2023-6344
MEDIUM
Tyler Technologies Court Case Management Plus - Path Traversal
CVSS 5.3
CVE-2023-6343
MEDIUM
Tyler Technologies Court Case Management Plus - Info Disclosure
CVSS 5.3
CVE-2023-6342
MEDIUM
Tyler Technologies Court Case Management Plus - Auth Bypass
CVSS 5.3
CVE-2023-34388
MEDIUM
SEL-451 Firmware - Unauthenticated Session Hijacking via Improper Authentication
CVSS 6.5
CVE-2023-35137
HIGH
Zyxel NAS326/NAS542 < 5.21(AAZF.14)C0/< 5.21(ABAG.11)C0 - Authentication Bypass
CVSS 7.5
CVE-2023-29062
LOW
FACSChorus - Unauthenticated NTLMv2 Hash Exposure via LLMNR/NBT-NS/MDNS
CVSS 3.8
CVE-2023-48121
MEDIUM
Ezviz CS-C6N CS-CV310 CS-C6CN CS-C3N < v5.3.x build 20230401 - Authentication Bypass in Direct Connection Module
CVSS 5.3
CVE-2023-41264
CRITICAL
Netwrix Usercube <6.0.215 - Auth Bypass
CVSS 9.8
CVE-2023-6329
CRITICAL
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
CVSS 9.8
CVE-2023-41999
CRITICAL
Arcserve UDP < 9.2 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2023-48312
CRITICAL
capsule-proxy < 0.4.6 - Privilege Escalation via Missing TokenReview Authentication Check
CVSS 9.8
CVE-2023-4677
HIGH
Pandora FMS <= 772 - Unauthenticated Administrator Session ID Exposure via Cron Log Backup Files
CVSS 7.0
CVE-2023-2437
CRITICAL
UserPro < 5.1.1 - Unauthenticated Authentication Bypass via Facebook Login
CVSS 9.8
CVE-2023-6248
CRITICAL
Digital Communications Syrus4 IoT Gateway - Unsecured MQTT Code Execution
CVSS 10.0
CVE-2023-49105
CRITICAL
ownCloud <10.13.1 - Info Disclosure
CVSS 9.8
CVE-2023-48228
HIGH
authentik < 2023.8.5 - Improper Authentication via Missing PKCE Code Verifier Validation
CVSS 7.5
Exploit Likelihood: High