CVE-2024-35113
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing...
CVE-2025-22611
Coolify before 4.0.0-beta.361 is affected by an elevation of privilege due to missing authorization, allowing any authenticated user to escalate privileges to any role (including owner) and remove other members (admins/owners). This also enables access to the Terminal feature to execute remote co...
CVE-2025-22608
Coolify (before 4.0.0-beta.361) suffers from missing authorization that lets any authenticated user revoke arbitrary team invitations by providing a predictable, incrementing ID, enabling Denial of Service. A patch is available in 4.0.0-beta.361. The issue’s description across multiple sources co...
SUSE-SU-2025:0200-1 Security update for pam_u2f
This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517)...
SUSE-SU-2025:0198-1 Security update for pam_u2f
This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517)...
CVE-2024-12757
CVE-2024-12757 affects Nedap Librix Ecoreader and is described as missing authentication for critical functions, potentially allowing an unauthenticated attacker to execute malicious code. The entry cites high-severity CVSS scores (3.1: 8.6; 4.0: 8.8) with network-based access and no privileges r...
CVE-2025-0355
CVE-2025-0355 concerns NEC Aterm devices with a Missing Authentication for Critical Function, allowing an unauthenticated attacker to obtain Wi‑Fi passwords over the network. Affected products and vulnerable versions (from connected JVN entries): WG2600HS (prior to 1.7.2), WF1200CRS (prior to 1.6...
CVE-2024-36510
CVE-2024-36510 affects Fortinet FortiClientEMS and FortiSOAR. The issue is an observable response discrepancy (CWE-204) that could allow an unauthenticated attacker to enumerate valid users by observing login request responses. Affected: FortiClientEMS versions 7.0 all versions and 7.2.0–7.2.4, 7...
CVE-2025-0070
CVE-2025-0070 affects SAP NetWeaver Application Server for ABAP and ABAP Platform. Affected component: authentication checks in the ABAP server allowing an authenticated attacker to escalate privileges and gain illegitimate access. Documented impact: high on confidentiality, integrity, and availa...
CVE-2023-42241
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamanagraphic.php...
CVE-2024-54762
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...
CVE-2024-13258
Summary: CVE-2024-13258 is an Incorrect Authorization issue in the Drupal REST & JSON API Authentication module that allows forceful browsing. Affected software: Drupal REST & JSON API Authentication module (versions 0.0.0 through 2.0.12). Root cause/impact: Insufficient access control could bypa...
CVE-2024-6155
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross-Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function...
CVE-2024-12264
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
CVE-2024-10527
CVE-2024-10527 affects the Spacer WordPress plugin. The vulnerability results from a missing capability check in the motech_spacer_callback() function across all versions up to and including 3.0.7. This allows authenticated users with Subscriber-level access and above to view limited settings inf...
NiceGUI On Air authentication issue
Summary: Once a user logs in on one browser, all other browsers are logged in without entering a password, even in incognito mode. Impact: high...
CVE-2025-21618 NiceGUI On Air authentication issue
NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...
CVE-2025-21618
CVE-2025-21618 (NiceGUI) affects NiceGUI (Python UI framework) prior to version 2.9.1. The root cause is improper handling of authentication cookies/session state, causing a login in one browser (including incognito) to persist across all other browsers on the same user account. Impact is unautho...