CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 53/128 • 15328 CVEs.

Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access”  ·  RSS (High+Critical only)

About “Unauthenticated/Unauthorized Access”

A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15328 CVEs for this tag (all time). In the last 365 days, 3832 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-03-21
Critical

CVE-2024-29732

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. Thi…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-2161

Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2023-48902

An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authenticat…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-27292

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It a…

CVSS: 7.5 CWE: CWE-706 - Use of Incorrectly-Resolved Name or Reference View on NVD
Critical

CVE-2024-1202

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1.  NOTE: The vendor was contacted and it was learned tha…

CVSS: 9.8 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2024-03-20
Critical

CVE-2024-28179

Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server…

CVSS: 9.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of t…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2024-1844

The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1119

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and inclu…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1995

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and includ…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2024-03-19
High

CVE-2024-2169

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Den…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2024-21677

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated atta…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-1144

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionaliti…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2024-03-18
Medium

CVE-2023-6821

The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-26063

Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a…

CVSS: 5.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-2051

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force a…

CVSS: 9.8 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
Critical

CVE-2024-27767

CWE-287: Improper Authentication may allow Authentication Bypass

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or ca…

CVSS: 5.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who i…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-27974

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In…

CVSS: 6.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the pr…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-22475

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perfor…

CVSS: 6.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-2577

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipula…

CVSS: 7.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2024-2576

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the…

CVSS: 7.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2024-2575

A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details…

CVSS: 7.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2024-2574

A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The mani…

CVSS: 7.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2024-03-16
Medium

CVE-2024-28070

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due t…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-28069

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper co…

CVSS: 7.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2023-36483

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote att…

CVSS: 6.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2024-03-15
Critical

CVE-2024-28255

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles th…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2023-51699

Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRun…

CVSS: 4.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2024-2193

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exp…

CVSS: 5.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2024-1917

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2024-1916

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2024-1915

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a targ…

CVSS: 9.8 CWE: CWE-468 - Incorrect Pointer Scaling View on NVD
Critical

CVE-2024-0803

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2024-0802

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from…

CVSS: 9.8 CWE: CWE-468 - Incorrect Pointer Scaling View on NVD
2024-03-14
Medium

CVE-2023-39368

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS: 6.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2024-25652

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report fu…

CVSS: 7.6 CWE: CWE-287 - Improper Authentication View on NVD
2024-03-13
Critical

CVE-2024-28194

your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this…

CVSS: 9.1 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2024-0799

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() fun…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2024-20319

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple N…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-1690

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability ch…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up t…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1370

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up t…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-1127

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1126

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() fun…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-0828

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functio…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-0683

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This ma…

CVSS: 7.3 CWE: CWE-862 - Missing Authorization View on NVD
2024-03-12
Low

CVE-2024-28238

Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security r…

CVSS: 2.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2024-28186

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organizatio…

CVSS: 7.1 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "f…

CVSS: 8.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-34321

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics abo…

CVSS: 8.2 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy ver…

CVSS: 8.0 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2024-1618

A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker wit…

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
Critical

CVE-2022-32257

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoint…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2024-03-11
Medium

CVE-2024-1645

The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. T…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-22005

there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede…

CVSS: 8.4 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-03-09
Critical

CVE-2023-49340

An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control i…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2024-03-08
Medium

CVE-2024-2298

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1851

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to…

CVSS: 6.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-26309

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-23295

A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2024-23273

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authenticati…

CVSS: 4.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
Low

CVE-2024-23255

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authe…

CVSS: 2.4 CWE: CWE-287 - Improper Authentication View on NVD
Low

CVE-2024-23240

The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.

CVSS: 2.4 CWE: N/A View on NVD
2024-03-07
Critical

CVE-2024-2044

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can loa…

CVSS: 9.9 CWE: CWE-31 - Path Traversal: 'dir....filename' View on NVD
Medium

CVE-2023-46172

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for authorized user. IBM X-Force ID: 269409.

CVSS: 5.6 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-51395

The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overf…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-0199

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by util…

CVSS: 7.7 CWE: CWE-863 - Incorrect Authorization View on NVD
2024-03-06
High

CVE-2023-48703

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called inte…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2024-27288

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability…

CVSS: 6.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2024-03-05
Medium

CVE-2024-2188

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port map…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2023-7103

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.

CVSS: 9.8 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
High

CVE-2023-5457

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a re…

CVSS: 7.5 CWE: CWE-1269 - Product Released in Non-Release Configuration View on NVD
Medium

CVE-2023-45598

A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information.…

CVSS: 5.3 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
Medium

CVE-2023-45596

A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configura…

CVSS: 5.3 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
High

CVE-2023-5456

A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data wi…

CVSS: 8.1 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2024-03-04
Medium

CVE-2023-41829

An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.

CVSS: 5.0 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
High

CVE-2024-2048

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration…

CVSS: 8.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
Critical

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2024-03-03
High

CVE-2024-25016

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2024-03-01
High

CVE-2024-22182

A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.

CVSS: 8.6 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
Medium

CVE-2024-27296

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessib…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2024-27139

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially lead…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2024-27497

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-24903

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially expl…

CVSS: 8.0 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
Medium

CVE-2024-24900

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerabili…

CVSS: 5.8 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2024-25972

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and con…

CVSS: 8.3 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
Medium

CVE-2024-1120

The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a miss…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-0692

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-02-29
Low

CVE-2024-1949

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post…

CVSS: 2.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versi…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38367

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, a…

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2024-25065

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Low

CVE-2024-1722

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

CVSS: 3.7 CWE: CWE-645 - Overly Restrictive Account Lockout Mechanism View on NVD
Medium

CVE-2024-1492

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-1470

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Clie…

CVSS: 7.1 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Medium

CVE-2024-1340

The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to,…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1218

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1133

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questi…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1130

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versi…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-1129

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all ve…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-0907

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in al…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-0702

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/clas…

CVSS: 7.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-44347

Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achi…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-44345

Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to ach…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-44341

Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achi…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-38372

An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.

CVSS: 5.9 CWE: CWE-287 - Improper Authentication View on NVD
2024-02-28
High

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-22459

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentiall…

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-1136

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all v…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2024-02-27
Critical

CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  T…

CVSS: 10.0 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2024-02-26
Critical

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than vers…

CVSS: 9.1 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2024-1710

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76.…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-02-23
Medium

CVE-2021-33146

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosur…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-33141

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD