Total
1471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49052 | 1 Microsoft | 1 Azure Functions | 2025-02-05 | N/A | 8.2 HIGH |
| Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2023-23451 | 1 Sick | 20 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00030 and 17 more | 2025-02-05 | N/A | 9.8 CRITICAL |
| The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration. | |||||
| CVE-2023-51478 | 1 Buildapp | 1 Build App Online | 2025-02-05 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | |||||
| CVE-2024-41968 | 2025-02-04 | N/A | 5.4 MEDIUM | ||
| A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. | |||||
| CVE-2024-41967 | 2025-02-04 | N/A | 8.1 HIGH | ||
| A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. | |||||
| CVE-2024-7516 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | N/A | 7.1 HIGH |
| A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | |||||
| CVE-2024-9644 | 2025-02-04 | N/A | 9.8 CRITICAL | ||
| The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities. | |||||
| CVE-2024-35277 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2025-01-31 | N/A | 8.6 HIGH |
| A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets | |||||
| CVE-2023-31444 | 1 Talend | 1 Studio | 2025-01-31 | N/A | 7.5 HIGH |
| In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. | |||||
| CVE-2024-37368 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 7.5 HIGH |
| A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. | |||||
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.7 LOW |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | |||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.1 LOW |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | |||||
| CVE-2023-23545 | 2 Especmic, Tandd | 20 Rs-12n, Rs-12n Firmware, Rt-12n and 17 more | 2025-01-31 | N/A | 5.3 MEDIUM |
| Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | |||||
| CVE-2025-24456 | 1 Jetbrains | 1 Hub | 2025-01-30 | N/A | 6.7 MEDIUM |
| In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping | |||||
| CVE-2024-10284 | 1 Ce21 | 1 Ce21 Suite | 2025-01-29 | N/A | 9.8 CRITICAL |
| The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2024-9861 | 1 Miniorange | 1 Otp Verification With Firebase | 2025-01-28 | N/A | 8.1 HIGH |
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user. | |||||
| CVE-2023-23906 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | N/A | 7.5 HIGH |
| Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | |||||
| CVE-2023-22441 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | N/A | 8.6 HIGH |
| Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier | |||||
| CVE-2023-36851 | 1 Juniper | 92 Ex2200, Ex2200-c, Ex2200-vc and 89 more | 2025-01-27 | N/A | 5.3 MEDIUM |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2. | |||||
| CVE-2023-36846 | 1 Juniper | 29 Junos, Srx100, Srx110 and 26 more | 2025-01-27 | N/A | 5.3 MEDIUM |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. | |||||