CVE-2025-24912
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...
Rembg CORS misconfiguration
Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...
CVE-2025-0150
CVE-2025-0150 affects Zoom Workplace Apps for iOS prior to 6.3.0, due to an incorrect behavior order that may allow an authenticated user with network access to cause a denial of service. The issue is documented across multiple sources, with PT-2025-10852 explicitly stating the affected versions ...
CVE-2024-52285
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data...
CVE-2024-51321
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the mcURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication...
Security Update for Microsoft .NET Core (March 2025)
The version of Microsoft .NET Core installed on the remote host is 8.0.x < 8.0.14 or 9.0.x < 9.0.3. It is, therefore, affected by a vulnerability as referenced in the vendor advisory. - Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a...
CVE-2024-12604 Improper Authentication in Tapandsign Technologies Tap and Sign App
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025...
CVE-2025-1887
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker...
CVE-2025-27647
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002...
Linux Distros Unpatched Vulnerability : CVE-2024-50215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive ctrl->dh_key might be used across multip...
CVE-2025-27501
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
CVE-2025-25302
Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...
CVE-2024-38426
While processing the authentication message in UE, improper authentication may lead to information disclosure...
CVE-2025-24924
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...
Linux Distros Unpatched Vulnerability : CVE-2019-12529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the...
CVE-2025-27500
CVE-2025-27500 affects OpenZiti Console. An unauthenticated POST to the admin endpoint /api/upload can upload files stored on the node, which can be accessed to trigger a stored XSS when viewed in a user’s browser. The issue is tied to the legacy node-server behavior of the admin panel; the funct...
CVE-2025-1671
The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user function not properly verifying a user's identity prior to authenticating them. This makes it possible for...
Linux Distros Unpatched Vulnerability : CVE-2011-0904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and...
CVE-2025-23225
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue...