Vulnerabilities (CVE)

Filtered by CWE-287
Total 4218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-7079 1 Cloudflare 1 Wrangler 2026-06-17 N/A 6.4 MEDIUM
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
CVE-2023-6907 1 Codelyfe 1 Stupid Simple Cms 2026-06-17 4.8 MEDIUM 5.4 MEDIUM
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability.
CVE-2023-6847 1 Github 1 Enterprise Server 2026-06-17 N/A 7.5 HIGH
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2023-6787 1 Redhat 2 Build Of Keycloak, Keycloak 2026-06-17 N/A 6.5 MEDIUM
A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.
CVE-2023-6768 1 Mr-corner 1 Amazing Little Poll 2026-06-17 N/A 9.4 CRITICAL
Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter.
CVE-2023-6514 1 Huawei 2 Ajmd-370s, Ajmd-370s Firmware 2026-06-17 N/A 8.8 HIGH
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.  Successful exploitation of this vulnerability may allow attackers to access restricted functions.
CVE-2023-6483 1 Aditaas 1 Allied Digital Integrated Tool-as-a-service 2026-06-17 N/A 9.1 CRITICAL
The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform.
CVE-2023-6451 1 Alayacare 1 Procura 2026-06-17 N/A 8.6 HIGH
Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.
CVE-2023-6354 1 Tylertech 1 Court Case Management Plus 2026-06-17 N/A 5.3 MEDIUM
Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
CVE-2023-6353 1 Tylertech 1 Court Case Management Plus 2026-06-17 N/A 5.3 MEDIUM
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
CVE-2023-6344 1 Tylertech 1 Court Case Management Plus 2026-06-17 N/A 5.3 MEDIUM
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.
CVE-2023-6343 1 Tylertech 1 Court Case Management Plus 2026-06-17 N/A 5.3 MEDIUM
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.
CVE-2023-6342 1 Tylertech 1 Court Case Management Plus 2026-06-17 N/A 5.3 MEDIUM
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.
CVE-2023-6329 1 Controlid 1 Idsecure 2026-06-17 N/A 9.8 CRITICAL
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
CVE-2023-6155 1 Ays-pro 1 Quiz Maker 2026-06-17 N/A 5.3 MEDIUM
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
CVE-2023-5970 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2026-06-17 N/A 8.8 HIGH
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
CVE-2023-5844 1 Pimcore 1 Admin Classic Bundle 2026-06-17 N/A 7.2 HIGH
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
CVE-2023-5830 1 Documentlocator 1 Document Locator 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.
CVE-2023-5808 2 Hitachi, Microsoft 2 Vantara Hitachi Network Attached Storage, Windows 2026-06-17 N/A 7.6 HIGH
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
CVE-2023-5627 1 Moxa 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more 2026-06-17 N/A 7.5 HIGH
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.