1857 matches found
CVE-2025-26347
CVE-2025-26347 affects Q-Free MaxTime (MaxTime Suite) ≤ 2.11.0. The vulnerability is in maxprofile/menu/routes.lua and is due to a missing authentication for a critical function (CWE-306). An unauthenticated remote attacker can edit user permissions via crafted HTTP requests, with CVSS 3.1 base s...
USN-7264-1 openssl vulnerabilities
It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not abort as expected, possibly causing the communication to be intercepted. CVE-2024-12797 George Pantelakis and Alicja Kario discovered that...
CVE-2025-23189
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...
Citrix Workspace App for Windows - Blank window and no authentication prompt
Citrix Workspace App for Windows SelfService does not display authentication prompt. It stays with a blank screen. End user can browse the store URL, login and launch apps/desktops successfully...
CVE-2024-54176
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy UCD 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing...
CVE-2024-52883
An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication...
CVE-2024-52883
An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication...
CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
CVE-2025-0799
IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...
CVE-2022-21660
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...
Ubuntu: Security Advisory (USN-7257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-24287
A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3 UC06, SIMATIC PCS 7 V9.1 All versions V9.1 SP1 UC01, SIMATIC WinCC Runtime Professional V16 and earlier All versions, SIMATIC WinCC Runtime Professional V17 All versions V17 Upd4,...
CVE-2022-2821
Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2...
CVE-2022-37345
Improper authentication in BIOS firmwareA1 for some IntelR NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-35785
NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365...
CVE-2024-41657
Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in...
CVE-2024-1006
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument NodUserId/NodUserToken leads to improper...
CVE-2024-1817
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...
CVE-2024-1739
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...
CVE-2024-9313
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them...