Vulnerabilities (CVE)

Filtered by CWE-287
Total 4218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5502 2026-06-17 N/A 5.9 MEDIUM
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.
CVE-2023-5376 1 Korenix 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more 2026-06-17 N/A 8.6 HIGH
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
CVE-2023-5329 1 F-logic 2 Datacube4, Datacube4 Firmware 2026-06-17 3.3 LOW 4.3 MEDIUM
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability.
CVE-2023-5328 1 Sato 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware 2026-06-17 5.8 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability.
CVE-2023-5326 1 Sato 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware 2026-06-17 5.8 MEDIUM 6.3 MEDIUM
A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027.
CVE-2023-5246 1 Sick 26 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 23 more 2026-06-17 N/A 8.8 HIGH
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
CVE-2023-52955 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 6.5 MEDIUM
Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52540 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52210 2026-06-17 N/A 5.3 MEDIUM
Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0.
CVE-2023-52161 1 Intel 1 Inet Wireless Daemon 2026-06-17 N/A 7.5 HIGH
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
CVE-2023-52160 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Android and 4 more 2026-06-17 N/A 6.5 MEDIUM
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-51982 1 Cratedb 1 Cratedb 2026-06-17 N/A 9.8 CRITICAL
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)
CVE-2023-51761 1 Emerson 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more 2026-06-17 N/A 8.3 HIGH
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
CVE-2023-51717 1 Dataiku 1 Data Science Studio 2026-06-17 N/A 9.8 CRITICAL
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
CVE-2023-51708 1 Bentley 2 Assetwise Alim For Transportation, Eb System Management Console 2026-06-17 N/A 8.6 HIGH
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.
CVE-2023-51511 1 Booster 1 Booster For Woocommerce 2026-06-17 N/A 6.5 MEDIUM
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3.
CVE-2023-51484 2026-06-17 N/A 9.8 CRITICAL
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.
CVE-2023-51482 2026-06-17 N/A 9.9 CRITICAL
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Eazy Plugin Manager: from n/a through 4.1.2.
CVE-2023-51478 1 Buildapp 1 Build App Online 2026-06-17 N/A 9.8 CRITICAL
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
CVE-2023-51477 2026-06-17 N/A 9.8 CRITICAL
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60.