Vulnerabilities (CVE)

Filtered by CWE-287
Total 4202 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-44202 1 Apple 2 Ipados, Iphone Os 2026-06-17 N/A 5.3 MEDIUM
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.
CVE-2024-44127 1 Apple 2 Ipados, Iphone Os 2026-06-17 N/A 5.3 MEDIUM
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.
CVE-2024-43409 1 Ghost 1 Ghost 2026-06-17 N/A 6.5 MEDIUM
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
CVE-2024-43240 1 Wpindeed 1 Ultimate Membership Pro 2026-06-17 N/A 9.4 CRITICAL
Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.
CVE-2024-42462 1 Upkeeper 1 Upkeeper Manager 2026-06-17 N/A 9.8 CRITICAL
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42336 1 Servision 1 Ivg Webmax 2026-06-17 N/A 8.2 HIGH
Servision - CWE-287: Improper Authentication
CVE-2024-42172 1 Hcltech 1 Dryice Myxalytics 2026-06-17 N/A 5.3 MEDIUM
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications.
CVE-2024-42164 1 Fiware 1 Keyrock 2026-06-17 N/A 4.3 MEDIUM
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.
CVE-2024-42038 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 8.8 HIGH
Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2024-41929 2026-06-17 N/A 8.8 HIGH
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
CVE-2024-41829 1 Jetbrains 1 Teamcity 2026-06-17 N/A 3.5 LOW
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
CVE-2024-41800 1 Craftcms 1 Craft Cms 2026-06-17 N/A 4.8 MEDIUM
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
CVE-2024-41798 2026-06-17 N/A 9.8 CRITICAL
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication.
CVE-2024-41589 1 Draytek 2 Vigor3910, Vigor3910 Firmware 2026-06-17 N/A 8.8 HIGH
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
CVE-2024-41199 1 Ocuco 1 Innovation 2026-06-17 N/A 7.2 HIGH
An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41198 1 Ocuco 1 Innovation 2026-06-17 N/A 9.8 CRITICAL
An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41197 1 Ocuco 1 Innovation 2026-06-17 N/A 9.8 CRITICAL
An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41196 1 Ocuco 1 Innovation 2026-06-17 N/A 9.8 CRITICAL
An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41195 1 Ocuco 1 Innovation 2026-06-17 N/A 9.8 CRITICAL
An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-40794 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-06-17 N/A 5.3 MEDIUM
This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.