Total
1398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7516 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | N/A | 7.1 HIGH |
| A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | |||||
| CVE-2024-9644 | 2025-02-04 | N/A | 9.8 CRITICAL | ||
| The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities. | |||||
| CVE-2024-3219 | 2025-01-31 | N/A | N/A | ||
| The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | |||||
| CVE-2024-35277 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2025-01-31 | N/A | 8.6 HIGH |
| A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets | |||||
| CVE-2023-31444 | 1 Talend | 1 Studio | 2025-01-31 | N/A | 7.5 HIGH |
| In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. | |||||
| CVE-2024-37368 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 7.5 HIGH |
| A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. | |||||
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.7 LOW |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | |||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.1 LOW |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | |||||
| CVE-2023-23545 | 2 Especmic, Tandd | 20 Rs-12n, Rs-12n Firmware, Rt-12n and 17 more | 2025-01-31 | N/A | 5.3 MEDIUM |
| Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | |||||
| CVE-2025-24456 | 1 Jetbrains | 1 Hub | 2025-01-30 | N/A | 6.7 MEDIUM |
| In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping | |||||
| CVE-2024-10284 | 1 Ce21 | 1 Ce21 Suite | 2025-01-29 | N/A | 9.8 CRITICAL |
| The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2024-9861 | 1 Miniorange | 1 Otp Verification With Firebase | 2025-01-28 | N/A | 8.1 HIGH |
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user. | |||||
| CVE-2023-23906 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | N/A | 7.5 HIGH |
| Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | |||||
| CVE-2023-22441 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | N/A | 8.6 HIGH |
| Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier | |||||
| CVE-2023-36851 | 1 Juniper | 92 Ex2200, Ex2200-c, Ex2200-vc and 89 more | 2025-01-27 | N/A | 5.3 MEDIUM |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2. | |||||
| CVE-2023-36846 | 1 Juniper | 29 Junos, Srx100, Srx110 and 26 more | 2025-01-27 | N/A | 5.3 MEDIUM |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. | |||||
| CVE-2023-1096 | 1 Netapp | 1 Snapcenter | 2025-01-27 | N/A | 9.8 CRITICAL |
| SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | |||||
| CVE-2024-12857 | 1 Scriptsbundle | 1 Adforest | 2025-01-24 | N/A | 9.8 CRITICAL |
| The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number. | |||||
| CVE-2023-23444 | 1 Sick | 22 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 19 more | 2025-01-24 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | |||||
| CVE-2024-45276 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2025-01-24 | N/A | 7.5 HIGH |
| An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. | |||||