CVEs tagged with this topic.

2024-06-27
High

CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/ge…

2024-06-11
Critical

CVE-2024-29855

Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator

2024-06-04
Medium

CVE-2023-37865

Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Download IP2Loca…

2024-05-23
Critical

CVE-2024-5296

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View.…

2024-05-16
High

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality t…

2024-05-15
Critical

CVE-2024-33625

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.

Medium

CVE-2024-20391

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.…

2024-05-03
Critical

CVE-2023-44411

D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-…

High

CVE-2023-42034

Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installati…

High

CVE-2023-41183

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Aut…

Medium

CVE-2023-39480

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of…

High

CVE-2023-39479

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integra…

High

CVE-2023-35717

TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 I…

Critical

CVE-2023-32169

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View.…

Medium

CVE-2023-32152

D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 rout…

Medium

CVE-2023-32148

D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 route…

2024-04-16
High

CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access,…

2024-04-10
Critical

CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. T…

High

CVE-2024-2217

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated ve…

Critical

CVE-2024-2029

A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription.…

2024-03-29
Medium

CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (…

2024-03-04
High

CVE-2024-2048

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration…

2023-06-14
Critical

CVE-2023-31746

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root u…

2022-03-08
Medium

CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8),…

2021-12-08
Critical

CVE-2021-20038

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' use…

2021-10-20
Medium

CVE-2021-35567

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM…

2021-09-07
Critical

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

2021-06-29
High

CVE-2021-1134

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensiti…

2019-02-20
High

CVE-2019-3924

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients.…

2017-01-27
Critical

CVE-2017-3248

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1.…
