Total
4197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | |||||
| CVE-2024-52968 | 1 Fortinet | 1 Forticlient | 2026-06-17 | N/A | 6.7 MEDIUM |
| An improper authentication vulnerability in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to macOS via an empty password. | |||||
| CVE-2024-52786 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. | |||||
| CVE-2024-52518 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 4.4 MEDIUM |
| Nextcloud Server is a self-hosted personal cloud system. After gaining access to the session of a user or administrator, an attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | |||||
| CVE-2024-51997 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by a MITM attacker, but the verifier (a CoCo Verification Demander like KBS) could still verify it successfully. In the payload of the ART token, the ‘jwk’ could be replaced by the attacker with his own public key. The attacker can then use his own corresponding private key to sign the crafted ART token. Based on the current code implementation (v0.8.0), such replacement and modification cannot be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51996 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check whether the username persisted in the database matches the username attached to the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8. | |||||
| CVE-2024-51767 | 1 Hpe | 1 Autopass License Server | 2026-06-17 | N/A | 7.3 HIGH |
| An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2024-50645 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token. | |||||
| CVE-2024-50644 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token. | |||||
| CVE-2024-50641 | | | 2026-06-17 | N/A | 8.1 HIGH |
| An authentication bypass vulnerability exists in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token. | |||||
| CVE-2024-50640 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function. | |||||
| CVE-2024-50478 | 1 Swoopnow | 1 1-click Login | 2026-06-17 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | |||||
| CVE-2024-50341 | | | 2026-06-17 | N/A | 3.1 LOW |
| symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when logging in programmatically with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3, the `Security::login` method now ensures that the configured `user_checker` is called. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-50339 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 5.3 MEDIUM |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-4784 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 4.2 MEDIUM |
| An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | |||||
| CVE-2024-4601 | | | 2026-06-17 | N/A | 6.7 MEDIUM |
| An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. | |||||
| CVE-2024-4303 | | | 2026-06-17 | N/A | 8.8 HIGH |
| ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP. | |||||
| CVE-2024-4129 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled. This issue affects Snow License Manager: from 9.33.2 through 9.34.0. | |||||
| CVE-2024-4024 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 7.3 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. | |||||
| CVE-2024-49757 | 1 Zitadel | 1 Zitadel | 2026-06-17 | N/A | 7.5 HIGH |
| The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing the registration URL (/ui/login/loginname) and register a user that way. Versions 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available. | |||||
