When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,371 vulnerabilities with CWE-287
CVE-2021-33046
CRITICAL
Dahua IPC-HX1XXX-HX5XXX SD1A1-SD6AL Firmware 2017-7-2021-7 - Improper Authentication via Password Reset
CVSS 9.8
CVE-2021-43999
HIGH
Apache Guacamole <1.3.0 - Privilege Escalation
CVSS 8.8
CVE-2021-44458
HIGH
Mirantis Lens < 5.2.6 - Unauthenticated Remote Code Execution via WebSocket Terminal Feature
CVSS 8.3
CVE-2021-45389
CRITICAL
StarWind Command Center and SAN&NAS - Improper Authentication via JWT Token Injection
CVSS 9.8
CVE-2021-45917
HIGH
Shockwall System - Authenticated LAN Server-Side Request Forgery
CVSS 8.0
CVE-2021-23147
MEDIUM
Netgear Nighthawk R6700 <1.0.4.120 - Privilege Escalation
CVSS 6.8
CVE-2021-20168
MEDIUM
Netgear RAX43 1.0.3.96 - Unauthenticated Root Access via UART Interface
CVSS 6.8
CVE-2021-20161
MEDIUM
Trendnet TEW-827DRU Firmware 2.08B01 - Unauthenticated Root Shell Access via UART
CVSS 6.8
CVE-2021-45379
HIGH
Glewlwyd 2.0.0-2.6.0 - Unauthenticated Incorrect Access Control
CVSS 8.8
CVE-2021-38688
HIGH
Android App Qfile <3.0.0.1105 - Auth Bypass
CVSS 7.1
CVE-2021-45890
CRITICAL
AuthGuard < 0.9.0 - Improper Authentication via Inactive Identifier
CVSS 9.8
CVE-2021-21952
CRITICAL
Anker Eufy Homebase 2 2.1.6.9h - Authentication Bypass via CMD_DEVICE_GET_RSA_KEY_REQUEST
CVSS 9.8
CVE-2021-21902
HIGH
Garrett iC Module CMA - Authentication Bypass via Session Hijacking
CVSS 8.1
CVE-2021-27451
HIGH
Mesa Labs AmegaView <3.0 - Info Disclosure
CVSS 7.3
CVE-2021-36350
MEDIUM
Dell PowerScale OneFS <9.3.0 - Auth Bypass
CVSS 5.9
CVE-2021-44525
CRITICAL
ManageEngine PAM360 < 5303 - Unauthenticated Authentication Bypass via Filter Bypass
CVSS 9.8
CVE-2021-44676
CRITICAL
ManageEngine Access Manager Plus < 4203 - Authentication Bypass
CVSS 9.8
CVE-2021-44675
CRITICAL
ManageEngine ServiceDesk Plus MSP < 10.5 - Unauthenticated Remote Code Execution via Authentication Bypass
CVSS 9.8
CVE-2021-40851
HIGH
TCMAN GIM - Improper Authentication in WebService Methods
CVSS 7.5
CVE-2021-43834
CRITICAL
elabftw < 4.2.0 - Authentication Bypass via LDAP/SAML User Impersonation
CVSS 9.1
CVE-2021-43833
HIGH
elabftw < 4.2.0 - Authenticated Account Takeover via Crafted Email Address
CVSS 8.1
CVE-2021-43935
HIGH
Welch Allyn Connex Cardio < 1.1.1 - Improper Authentication via SSO Manual Account Entry
CVSS 8.1
CVE-2021-4073
CRITICAL
RegistrationMagic <5.0.1.7 - Auth Bypass
CVSS 9.8
CVE-2021-44937
MEDIUM
glFusion CMS 1.7.9 - Arbitrary User Registration via users.php
CVSS 5.3
CVE-2021-44524
CRITICAL
SiPass integrated V2.76/V2.80/V2.85 and Siveillance Identity < V1.6.284.0 - Unauthenticated Improper Authentication
CVSS 9.8
Details
Vulnerabilities: 4,371
Exploit Likelihood: High