Total: 2287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4428 | 1 Menulux | 1 Managment Portal | 2026-06-17 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024. | |||||
| CVE-2024-4332 | | | 2026-06-17 | N/A | N/A |
| An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification. | |||||
| CVE-2024-49604 | 1 Najeebmedia | 1 Simple User Registration | 2026-06-17 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass. This issue affects Simple User Registration: from n/a through <= 6.7. | |||||
| CVE-2024-49572 | 1 Socomec | 2 Diris M-70, Diris M-70 Firmware | 2026-06-17 | N/A | 7.2 HIGH |
| A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2024-49399 | | | 2026-06-17 | N/A | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | |||||
| CVE-2024-49328 | 1 Vivektamrakar | 1 Wp Rest Api Fns | 2026-06-17 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass. This issue affects WP REST API FNS: from n/a through <= 1.0.0. | |||||
| CVE-2024-49052 | 1 Microsoft | 1 Azure Functions | 2026-06-17 | N/A | 8.2 HIGH |
| Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2024-48966 | | | 2026-06-17 | N/A | 10.0 CRITICAL |
| The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | |||||
| CVE-2024-48953 | 1 Logpoint | 1 Siem | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. | |||||
| CVE-2024-48952 | 1 Logpoint | 1 Soar | 2026-06-17 | N/A | 6.4 MEDIUM |
| An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. | |||||
| CVE-2024-48950 | 1 Logpoint | 1 Siem | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication. | |||||
| CVE-2024-48920 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | |||||
| CVE-2024-48882 | 1 Socomec | 2 Diris M-70, Diris M-70 Firmware | 2026-06-17 | N/A | 8.6 HIGH |
| A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2024-48791 | | | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48777 | | | 2026-06-17 | N/A | 7.5 HIGH |
| LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48776 | | | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48775 | | | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48774 | | | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48773 | | | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48771 | | | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
