Critical
CVE-2023-39846
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.
Tag: Unauthenticated/Unauthorized Access
All CVEs associated with "Unauthenticated/Unauthorized Access". Page 60/128 • 15330 CVEs.
Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access” · RSS (High+Critical only)
About “Unauthenticated/Unauthorized Access”
A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15330 CVEs for this tag (all time). In the last 365 days, 3834 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-08-16
Medium
CVE-2023-4374
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up…
2023-08-15
Critical
CVE-2023-35082
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This…
2023-08-14
Low
CVE-2022-32876
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.
Critical
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improp…
Critical
CVE-2023-3266
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated att…
Critical
CVE-2023-3265
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user…
High
CVE-2023-3263
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.…
Critical
CVE-2023-3259
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious ag…
2023-08-13
Critical
CVE-2023-39403
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Critical
CVE-2023-39402
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Critical
CVE-2023-39401
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Critical
CVE-2023-39400
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Critical
CVE-2023-39399
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Critical
CVE-2023-39398
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Critical
CVE-2023-39385
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
2023-08-11
High
CVE-2023-28380
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
High
CVE-2023-27515
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.
Medium
CVE-2023-25775
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network acc…
High
CVE-2022-36392
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME m…
Medium
CVE-2022-36351
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
High
CVE-2022-29887
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
2023-08-10
Critical
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
High
CVE-2023-32561
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
Medium
CVE-2023-39965
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unaut…
Medium
CVE-2023-38245
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulner…
Medium
CVE-2023-38210
Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-…
2023-08-09
Critical
CVE-2023-37068
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerabili…
Critical
CVE-2023-3632
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz -…
High
CVE-2023-37860
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.
2023-08-08
Critical
CVE-2023-39213
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network acc…
Medium
CVE-2023-39217
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
Critical
CVE-2023-39216
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
Critical
CVE-2023-36534
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
High
CVE-2023-36533
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
Medium
CVE-2023-36532
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
High
CVE-2023-37570
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the target…
Critical
CVE-2023-3572
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to g…
Medium
CVE-2023-39436
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business P…
Critical
CVE-2023-37483
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Low
CVE-2023-36926
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions…
2023-08-07
High
CVE-2021-24916
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.
Medium
CVE-2023-4194
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing…
2023-08-04
Critical
CVE-2023-33372
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials…
Medium
CVE-2022-41401
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resour…
Medium
CVE-2023-38708
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction…
Medium
CVE-2023-3373
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.00…
High
CVE-2023-0525
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.…
2023-08-03
High
CVE-2023-0956
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an…
High
CVE-2023-33363
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.
Critical
CVE-2023-3346
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and ex…
High
CVE-2023-38744
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function…
Critical
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.
2023-08-02
Critical
CVE-2023-1935
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service conditio…
Low
CVE-2023-23476
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.
Medium
CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about…
Medium
CVE-2023-31928
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticate…
2023-08-01
High
CVE-2023-34552
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker pre…
Medium
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
2023-07-31
Critical
CVE-2023-36092
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no lon…
Critical
CVE-2023-36091
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects produ…
Critical
CVE-2023-36090
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supp…
Critical
CVE-2023-36089
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affe…
2023-07-27
Critical
CVE-2023-3956
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in ver…
2023-07-26
Medium
CVE-2023-28013
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim'…
Critical
CVE-2023-33308
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a rem…
Medium
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters…
High
CVE-2023-38555
Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of…
High
CVE-2023-38433
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate th…
Medium
CVE-2023-3946
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convin…
2023-07-25
High
CVE-2023-2626
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a spe…
High
CVE-2023-3548
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.
High
CVE-2023-3486
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This co…
Critical
CVE-2023-35078
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
2023-07-24
Critical
CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route re…
2023-07-21
Medium
CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted c…
Medium
CVE-2023-32625
Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by h…
Medium
CVE-2023-32624
Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
2023-07-20
High
CVE-2023-34625
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicio…
Medium
CVE-2023-38523
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history…
High
CVE-2023-37290
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to lo…
2023-07-18
High
CVE-2023-22062
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerabilit…
High
CVE-2023-22060
Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerabilit…
Medium
CVE-2023-22055
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerabi…
Low
CVE-2023-22051
Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterp…
Low
CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java…
High
CVE-2023-22047
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability all…
Low
CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE…
Low
CVE-2023-22044
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE…
Medium
CVE-2023-22043
Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network…
Medium
CVE-2023-22042
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerabil…
Medium
CVE-2023-22041
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE…
Low
CVE-2023-22036
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE…
Medium
CVE-2023-22035
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows…
Medium
CVE-2023-22022
Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Supported versions that are affecte…
High
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vuln…
High
CVE-2023-22014
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability all…
Low
CVE-2023-22006
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java…
Medium
CVE-2023-22004
Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable…
Medium
CVE-2023-21994
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Eas…
Medium
CVE-2023-21983
Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.…
Medium
CVE-2023-21961
Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0.…
Low
CVE-2023-21949
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows un…
High
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user lo…
Medium
CVE-2023-35763
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
Critical
CVE-2023-35189
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it.
Critical
CVE-2023-34329
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confident…
High
CVE-2023-33871
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot.
High
CVE-2022-34155
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/…
2023-07-17
Medium
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardles…
Critical
CVE-2023-2958
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714.
High
CVE-2023-2959
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.
Medium
CVE-2023-3700
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
2023-07-15
High
CVE-2023-2268
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.
2023-07-14
High
CVE-2023-34236
Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Co…
Medium
CVE-2023-36833
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unaut…
2023-07-13
Medium
CVE-2023-30560
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
High
CVE-2023-29450
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unau…
Medium
CVE-2023-37563
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are…
Critical
CVE-2023-34137
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 a…