Lucene search
K

1857 matches found

CVE
CVE
added 2025/02/12 1:27 p.m.51 views

CVE-2025-26347

CVE-2025-26347 affects Q-Free MaxTime (MaxTime Suite) ≤ 2.11.0. The vulnerability is in maxprofile/menu/routes.lua and is due to a missing authentication for a critical function (CWE-306). An unauthenticated remote attacker can edit user permissions via crafted HTTP requests, with CVSS 3.1 base s...

9.8CVSS9.6AI score0.01029EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/11 4:9 p.m.3 views

USN-7264-1 openssl vulnerabilities

It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not abort as expected, possibly causing the communication to be intercepted. CVE-2024-12797 George Pantelakis and Alicja Kario discovered that...

6.3CVSS7AI score0.05966EPSS
Exploits0References4
NVD
NVD
added 2025/02/11 1:15 a.m.4 views

CVE-2025-23189

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

4.3CVSS0.00225EPSS
Exploits0References2
Citrix
Citrix
added 2025/02/10 12:0 a.m.11 views

Citrix Workspace App for Windows - Blank window and no authentication prompt

Citrix Workspace App for Windows SelfService does not display authentication prompt. It stays with a blank screen. End user can browse the store URL, login and launch apps/desktops successfully...

7.3AI score
Exploits0
NVD
NVD
added 2025/02/08 5:15 p.m.25 views

CVE-2024-54176

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy UCD 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing...

6.5CVSS0.00256EPSS
Exploits0References1
NVD
NVD
added 2025/02/07 4:15 p.m.22 views

CVE-2024-52883

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication...

7.5CVSS0.00612EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/07 12:0 a.m.20 views

CVE-2024-52883

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication...

0.00612EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/06 4:50 a.m.9 views

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

7.5CVSS6.6AI score0.0352EPSS
Exploits5References1
NVD
NVD
added 2025/02/06 1:15 a.m.16 views

CVE-2025-0799

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5CVSS0.00479EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 1:11 a.m.14 views

CVE-2022-21660

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...

8.1CVSS6.7AI score0.01097EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2025/02/06 12:0 a.m.7 views

Ubuntu: Security Advisory (USN-7257-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS7.7AI score0.14859EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/05 9:55 p.m.12 views

CVE-2022-24287

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3 UC06, SIMATIC PCS 7 V9.1 All versions V9.1 SP1 UC01, SIMATIC WinCC Runtime Professional V16 and earlier All versions, SIMATIC WinCC Runtime Professional V17 All versions V17 Upd4,...

7.8CVSS6.5AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:29 p.m.11 views

CVE-2022-2821

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2...

9.8CVSS6.8AI score0.01118EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:38 p.m.9 views

CVE-2022-37345

Improper authentication in BIOS firmwareA1 for some IntelR NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.2AI score0.00154EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 1:12 p.m.19 views

CVE-2020-35785

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365...

8.8CVSS7.2AI score0.00659EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 7:53 a.m.15 views

CVE-2024-41657

Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in...

8.8CVSS6.5AI score0.00748EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:39 a.m.12 views

CVE-2024-1006

A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument NodUserId/NodUserToken leads to improper...

7.5CVSS7.3AI score0.00717EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:28 a.m.5 views

CVE-2024-1817

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

9.8CVSS6.8AI score0.00777EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:20 a.m.7 views

CVE-2024-1739

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

9.1CVSS7.7AI score0.00561EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:19 a.m.7 views

CVE-2024-9313

Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them...

8.8CVSS6.8AI score0.00585EPSS
Exploits0References1
Rows per page
Query Builder