WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.
CWE-287
CVE-2021-37545
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVE-2021-37414
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user’s APIKEY without authentication.
CVE-2021-37417
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
CVE-2021-37172
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.
CVE-2021-37100
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed.