1853 matches found
PT-2025-9035 · Infoblox · Infoblox Nios
Name of the Vulnerable Software and Affected Versions: Infoblox NIOS versions prior to 8.6.5 Description: The issue is related to improper authentication for Grids, which could potentially allow unauthorized access. Recommendations: For versions prior to 8.6.5, update to version 8.6.5 or later to...
NetAlertX File Read Vulnerability
This module exploits improper authentication in the logs.php endpoint. An unauthenticated attacker can request a log file and read any file due to a path traversal vulnerability. Module Options msf use auxiliary/scanner/http/netalertxfileread msf auxiliarynetalertxfileread show actions ...actions... msf...
openSUSE Security Advisory (SUSE-SU-2024:1981-1)
The remote host is missing an update for the packages referenced in advisory SUSE-SU-2024:1981-1 (the remainder of the scanner description is the Greenbone AG license header, GPL-2.0-only)...
CVE-2024-13799
The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes i...
PT-2025-29145 · Trend Micro · Trend Micro Worry-Free Business Security Services
Name of the Vulnerable Software and Affected Versions: Trend Micro Worry-Free Business Security Services WFBSS agent affected versions not specified Description: A missing authentication issue in the Trend Micro Worry-Free Business Security Services WFBSS agent could allow an unauthenticated...
CVE-2024-13855
The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2025-24806
Authelia (open-source authentication server) has a flaw where allowing sign-in via both username and email can cause login events to be counted separately, effectively doubling regulation limits and increasing brute-force risk when two-factor is not enforced or passwords are weak. The issue has a...
CVE-2024-57725
An issue in the Arcadyan Livebox Fibra PRV3399BBLT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint...
CVE-2025-26360
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...
CVE-2025-26363
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests...
Ubuntu 22.04 LTS : Apache ActiveMQ vulnerabilities (USN-7268-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7268-1 advisory. It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code...
CVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-26347
CVE-2025-26347 affects Q-Free MaxTime (MaxTime Suite) ≤ 2.11.0. The vulnerability is in maxprofile/menu/routes.lua and is due to a missing authentication for a critical function (CWE-306). An unauthenticated remote attacker can edit user permissions via crafted HTTP requests, with CVSS 3.1 base s...
USN-7264-1 openssl vulnerabilities
It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not abort as expected, possibly causing the communication to be intercepted. CVE-2024-12797 George Pantelakis and Alicja Kario discovered that...
CVE-2025-23189
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...
Citrix Workspace App for Windows - Blank window and no authentication prompt
Citrix Workspace App for Windows SelfService does not display authentication prompt. It stays with a blank screen. End user can browse the store URL, login and launch apps/desktops successfully...