CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 4/5 • 510 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-06-10
Low

CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an…

CVSS: 3.1 CWE: CWE-923
Read more
Medium

CVE-2024-54019

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN…

CVSS: 4.8 CWE: CWE-297
Read more
Medium

CVE-2024-50568

A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 thr…

CVSS: 5.9 CWE: CWE-300
Read more
Medium

CVE-2024-45329

A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view u…

CVSS: 4.3 CWE: CWE-639
Read more
Medium

CVE-2024-32119

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VD…

CVSS: 4.8 CWE: CWE-1390
Read more
Medium

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through tha…

CVSS: 6.5 CWE: CWE-140
Read more
2025-06-09
Medium

CVE-2025-30507

CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.

CVSS: 5.3 CWE: CWE-89
Read more
Critical

CVE-2025-30184

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

CVSS: 9.8 CWE: CWE-288
Read more
2025-06-06
High

CVE-2025-2766

70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authenti…

CVSS: 8.8 CWE: CWE-1393
Read more
High

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previousl…

CVSS: 7.5 CWE: CWE-770
Read more
Medium

CVE-2025-5751

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected inst…

CVSS: 6.8 CWE: CWE-798
Read more
High

CVE-2025-5749

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected in…

CVSS: 8.8 CWE: CWE-457
Read more
2025-06-05
Critical

CVE-2025-1793

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially…

CVSS: 9.8 CWE: CWE-89
Read more
2025-06-04
High

CVE-2025-46341

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header…

CVSS: 7.1 CWE: CWE-918
Read more
Medium

CVE-2025-20275

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. …

CVSS: 5.3 CWE: CWE-502
Read more
2025-06-03
Critical

CVE-2025-25022

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive inform…

CVSS: 9.6 CWE: CWE-260
Read more
2025-05-30
Critical

CVE-2025-44619

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

CVSS: 9.1 CWE: CWE-284
Read more
2025-05-29
Critical

CVE-2025-4967

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.

CVSS: 9.1 CWE: CWE-918
Read more
2025-05-22
High

CVE-2025-5024

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may b…

CVSS: 7.4 CWE: CWE-400
Read more
2025-05-13
Critical

CVE-2025-22462

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative ac…

CVSS: 9.8 CWE: CWE-288
Read more
Medium

CVE-2025-22859

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited ar…

CVSS: 5.3 CWE: CWE-23
Read more
High

CVE-2025-22248

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster…

CVSS: 7.5 CWE: CWE-1188
Read more
2025-05-07
Medium

CVE-2025-20181

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated a…

CVSS: 6.8 CWE: CWE-347
Read more
2025-05-05
High

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump sessio…

CVSS: 7.8 CWE: CWE-287
Read more
2025-05-03
Medium

CVE-2024-41753

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed…

CVSS: 6.1 CWE: CWE-79
Read more
2025-04-29
High

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPres…

CVSS: 7.5 CWE: CWE-248
Read more
2025-04-25
High

CVE-2025-43862

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presente…

CVSS: 7.6 CWE: CWE-284
Read more
2025-04-23
Medium

CVE-2025-2771

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authe…

CVSS: 5.3 CWE: CWE-287
Read more
2025-04-17
Low

CVE-2025-26478

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, lea…

CVSS: 3.1 CWE: CWE-295
Read more
2025-04-16
Critical

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated rem…

CVSS: 10.0 CWE: CWE-306
Read more
2025-04-14
Medium

CVE-2025-2572

In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup.

CVSS: 5.6 CWE: CWE-287
Read more
2025-04-10
High

CVE-2025-26330

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability…

CVSS: 7.0 CWE: CWE-863
Read more
Medium

CVE-2025-22471

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne…

CVSS: 6.5 CWE: CWE-190
Read more
2025-04-08
Critical

CVE-2024-48887

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

CVSS: 9.8 CWE: CWE-620
Read more
Low

CVE-2024-50565

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through…

CVSS: 3.1 CWE: CWE-300
Read more
High

CVE-2024-26013

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through…

CVSS: 7.5 CWE: CWE-923
Read more
High

CVE-2025-29986

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenti…

CVSS: 8.3 CWE: CWE-923
Read more
Medium

CVE-2025-29985

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker…

CVSS: 6.5 CWE: CWE-1188
Read more
2025-04-04
Critical

CVE-2025-2798

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This…

CVSS: 9.8 CWE: CWE-269
Read more
2025-04-01
Critical

CVE-2024-56325

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/jso…

CVSS: 9.8 CWE: CWE-288
Read more
2025-03-28
Medium

CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0,…

CVSS: 5.3 CWE: CWE-200
Read more
Medium

CVE-2024-12619

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to inter…

CVSS: 5.2 CWE: CWE-1220
Read more
2025-03-27
Medium

CVE-2023-37405

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could…

CVSS: 6.5 CWE: CWE-311
Read more
Medium

CVE-2025-1997

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthoriz…

CVSS: 5.4 CWE: CWE-80
Read more
Medium

CVE-2024-56469

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to othe…

CVSS: 6.3 CWE: CWE-306
Read more
2025-03-26
High

CVE-2025-2110

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJA…

CVSS: 8.8 CWE: CWE-862
Read more
2025-03-24
Critical

CVE-2023-25610

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and v…

CVSS: 9.8 CWE: CWE-124
Read more
High

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7…

CVSS: 7.5 CWE: CWE-338
Read more
2025-03-21
Medium

CVE-2019-16151

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users…

CVSS: 4.7 CWE: CWE-79
Read more
2025-03-20
Critical

CVE-2025-2538

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative…

CVSS: 9.8 CWE: CWE-798
Read more
High

CVE-2025-2539

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it…

CVSS: 7.5 CWE: CWE-327
Read more
Medium

CVE-2024-9447

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authentica…

CVSS: 6.5 CWE: CWE-1230
Read more
Medium

CVE-2024-9308

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can b…

CVSS: 6.1 CWE: CWE-601
Read more
High

CVE-2024-9216

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the…

CVSS: 8.1 CWE: CWE-304
Read more
Critical

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by provi…

CVSS: 9.8 CWE: CWE-304
Read more
Medium

CVE-2024-8251

A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" where user-provided JSON is direct…

CVSS: 5.3 CWE: CWE-20
Read more
High

CVE-2024-7983

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time conv…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2024-7036

A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This pre…

CVSS: 7.5 CWE: CWE-400
Read more
Medium

CVE-2024-12074

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data wi…

CVSS: 6.5 CWE: CWE-400
Read more
High

CVE-2024-12070

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2024-12039

langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset ow…

CVSS: 8.1 CWE: CWE-307
Read more
High

CVE-2024-11603

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path par…

CVSS: 7.5 CWE: CWE-918
Read more
High

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal ne…

CVSS: 7.5 CWE: CWE-918
Read more
High

CVE-2024-11172

A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is n…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2024-11169

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated use…

CVSS: 7.5 CWE: CWE-115
Read more
Medium

CVE-2024-11044

An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Thi…

CVSS: 6.1 CWE: CWE-601
Read more
Medium

CVE-2024-10908

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited f…

CVSS: 6.1 CWE: CWE-601
Read more
High

CVE-2024-10513

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'm…

CVSS: 7.2 CWE: CWE-23
Read more
Critical

CVE-2024-10264

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This ca…

CVSS: 9.8 CWE: CWE-444
Read more
2025-03-18
High

CVE-2025-24799

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2023-47539

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login…

CVSS: 9.8 CWE: CWE-284
Read more
2025-03-17
High

CVE-2024-48831

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability,…

CVSS: 8.4 CWE: CWE-259
Read more
Medium

CVE-2024-48828

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potenti…

CVSS: 5.5 CWE: CWE-269
Read more
Medium

CVE-2019-6697

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an…

CVSS: 5.3 CWE: CWE-79
Read more
Low

CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" b…

CVSS: 3.7 CWE: CWE-798
Read more
2025-03-14
Medium

CVE-2023-48785

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS com…

CVSS: 4.8 CWE: CWE-295
Read more
Medium

CVE-2024-40590

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager d…

CVSS: 4.8 CWE: CWE-295
Read more
High

CVE-2024-26006

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.…

CVSS: 7.5 CWE: CWE-79
Read more
2025-03-13
Medium

CVE-2025-21104

Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploi…

CVSS: 4.3 CWE: CWE-601
Read more
2025-03-12
Critical

CVE-2025-25292

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a…

CVSS: 9.8 CWE: CWE-347
Read more
Critical

CVE-2025-25291

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a…

CVSS: 9.8 CWE: CWE-347
Read more
Critical

CVE-2024-10838

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address spac…

CVSS: 9.1 CWE: CWE-191
Read more
Medium

CVE-2024-13870

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, po…

CVSS: 5.7 CWE: CWE-1328
Read more
2025-03-11
High

CVE-2025-2233

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected ins…

CVSS: 8.8 CWE: CWE-347
Read more
High

CVE-2023-48790

A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to ex…

CVSS: 7.5 CWE: CWE-352
Read more
2025-03-07
Medium

CVE-2024-13526

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function…

CVSS: 4.3 CWE: CWE-862
Read more
2025-02-26
Medium

CVE-2025-0719

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus…

CVSS: 6.1 CWE: CWE-79
Read more
2025-02-19
High

CVE-2024-52902

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the s…

CVSS: 8.8 CWE: CWE-798
Read more
2025-02-18
Medium

CVE-2024-13316

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability…

CVSS: 5.3 CWE: CWE-862
Read more
2025-02-13
Critical

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.

CVSS: 9.8 CWE: CWE-306
Read more
2025-02-11
High

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote…

CVSS: 8.1 CWE: CWE-288
Read more
High

CVE-2025-24470

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve…

CVSS: 8.6 CWE: CWE-41
Read more
High

CVE-2024-35279

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary cod…

CVSS: 8.1 CWE: CWE-121
Read more
Medium

CVE-2024-11771

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

CVSS: 5.3 CWE: CWE-22
Read more
Medium

CVE-2024-53648

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP2…

CVSS: 6.8 CWE: CWE-489
Read more
2025-02-06
Medium

CVE-2024-52892

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI th…

CVSS: 6.1 CWE: CWE-79
Read more
2025-02-04
Medium

CVE-2024-40700

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript cod…

CVSS: 6.1 CWE: CWE-79
Read more
Low

CVE-2025-20895

Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

CVSS: 3.2 CWE: N/A
Read more
2025-01-30
Medium

CVE-2025-0143

Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.

CVSS: 4.3 CWE: CWE-787
Read more
2025-01-28
Medium

CVE-2024-29869

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to th…

CVSS: 5.5 CWE: CWE-732
Read more
2025-01-19
Critical

CVE-2024-38337

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission…

CVSS: 9.1 CWE: CWE-732
Read more
2025-01-14
Medium

CVE-2024-54021

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a re…

CVSS: 6.5 CWE: CWE-113
Read more
High

CVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.…

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2024-46666

An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow…

CVSS: 5.3 CWE: CWE-770
Read more
High

CVE-2024-23106

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack a…

CVSS: 8.1 CWE: CWE-307
Read more
2024-12-21
Critical

CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authen…

CVSS: 9.8 CWE: CWE-288
Read more
2024-12-16
Critical

CVE-2024-43234

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.

CVSS: 9.8 CWE: CWE-288
Read more
2024-12-10
High

CVE-2024-47484

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'…

CVSS: 8.2 CWE: CWE-89
Read more
2024-11-15
High

CVE-2022-20814

A vulnerability in the certificate validation of Cisco&nbsp;Expressway-C and Cisco&nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.…

CVSS: 7.4 CWE: CWE-295
Read more
Medium

CVE-2024-41785

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering th…

CVSS: 6.1 CWE: CWE-79
Read more
2024-11-13
High

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-125
Read more
2024-11-05
High

CVE-2024-10114

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being retu…

CVSS: 8.1 CWE: CWE-287
Read more
2024-10-29
Critical

CVE-2024-51378

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus…

CVSS: 10.0 CWE: CWE-78
Read more
2024-10-11
High

CVE-2024-8912

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker:…

CVSS: 7.5 CWE: CWE-444
Read more
2024-10-01
High

CVE-2024-25632

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigne…

CVSS: 8.6 CWE: CWE-266
Read more
2024-08-21
High

CVE-2024-43410

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, foll…

CVSS: 7.5 CWE: CWE-770
Read more
High

CVE-2024-21690

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.…

CVSS: 8.2 CWE: CWE-79
Read more
2024-07-24
Medium

CVE-2024-21684

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerab…

CVSS: 4.3 CWE: CWE-601
Read more
2024-07-10
Medium

CVE-2024-5492

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

CVSS: 6.1 CWE: CWE-601
Read more
2024-06-27
High

CVE-2024-5548

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'pr…

CVSS: 7.5 CWE: CWE-22
Read more