Total
1398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2024-11-21 | 3.3 LOW | 4.4 MEDIUM |
| In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |||||
| CVE-2011-4322 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| websitebaker prior to and including 2.8.1 has an authentication error in backup module. | |||||
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | |||||
| CVE-2006-0062 | 1 Sillycycle | 1 Xlockmore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | |||||
| CVE-2006-0061 | 1 Sillycycle | 1 Xlockmore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | |||||
| CVE-2024-10924 | 1 Really-simple-plugins | 1 Really Simple Security | 2024-11-20 | N/A | 9.8 CRITICAL |
| The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). | |||||
| CVE-2024-41969 | 2024-11-18 | N/A | 8.8 HIGH | ||
| A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | |||||
| CVE-2024-48966 | 2024-11-15 | N/A | 10.0 CRITICAL | ||
| The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | |||||
| CVE-2024-47575 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2024-11-08 | N/A | 9.8 CRITICAL |
| A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. | |||||
| CVE-2024-50589 | 2024-11-08 | N/A | 7.5 HIGH | ||
| An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR). | |||||
| CVE-2024-51362 | 2024-11-06 | N/A | 6.5 MEDIUM | ||
| The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network. | |||||
| CVE-2024-10386 | 1 Rockwellautomation | 1 Thinmanager | 2024-11-05 | N/A | 9.8 CRITICAL |
| CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. | |||||
| CVE-2024-47406 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 9.8 CRITICAL |
| Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. | |||||
| CVE-2024-6582 | 1 Lunary | 1 Lunary | 2024-11-03 | N/A | 4.3 MEDIUM |
| A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. | |||||
| CVE-2024-9430 | 2024-11-01 | N/A | 5.3 MEDIUM | ||
| The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents. | |||||
| CVE-2024-50488 | 1 Priyabratasarkar | 1 Token Login | 2024-10-31 | N/A | 8.8 HIGH |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass.This issue affects Token Login: from n/a through 1.0.3. | |||||
| CVE-2024-50477 | 1 Stacksmarket | 1 Stacks Mobile App Builder | 2024-10-31 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | |||||
| CVE-2024-50487 | 1 Maantheme | 1 Maanstore Api | 2024-10-31 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1. | |||||
| CVE-2024-50489 | 1 Realtyworkstation | 1 Realty Workstation | 2024-10-31 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45. | |||||
| CVE-2022-23862 | 1 Ysoft | 1 Safeq | 2024-10-30 | N/A | 7.8 HIGH |
| A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | |||||