CVE-2024-55538
Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image macOS before build 41725, Acronis True Image Windows before build 41736, Acronis True Image OEM macOS before build 42571, Acronis True Image OEM Windows before build 42575...
CVE-2022-45830 WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability
Missing Authorization vulnerability in Analytify. This issue affects Analytify: from n/a through 4.2.3...
Fedora: Security Advisory (FEDORA-2024-0fa283c43a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress plugin WP Travel security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Appointment Hour Booking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-54919
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3 Description: A flaw exists in the ManageSieve AUTHENTICATE command that causes the service to crash when a literal value is used as the SASL initial response. This can lead to repeated crashes, resulting in a...
CVE-2024-56799 Simofa Allows Unauthenticated Access to API Routes
Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7...
CVE-2024-53171
In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit. After an insertion in TNC, the tree might split and cause a node to change its znode-parent. A further deletion of other nodes in the tree which also could free the...
CVE-2024-54450
An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the possibly forged IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP addres...
CVE-2024-53171 ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit. After an insertion in TNC, the tree might split and cause a node to change its znode-parent. A further deletion of other nodes in the tree which also could free the...
CVE-2024-12881
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eospluginreviewsrestoreversion function in all versions up to, and including, 0.0.7. This makes it possible for authenticat...
CVE-2024-12881 PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eospluginreviewsrestoreversion function in all versions up to, and including, 0.0.7. This makes it possible for authenticat...
CVE-2024-53275
Home-Gallery.org (versions 1.15.0 and earlier) is vulnerable to DNS rebinding due to default exposure without TLS or authentication. An attacker can lure a user to a malicious site, then switch DNS to point to the internal Home-Gallery host and read the web server’s responses, potentially exfiltr...
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
PT-2024-36737 · Altair · Altair
Name of the Vulnerable Software and Affected Versions: Altair versions prior to v12.24Q4.1 Description: The issue is related to a lack of validation and authentication in the image proxy for compressing and resizing remote files, which could allow attacks affecting availability. This could result...
CVE-2024-47397
CVE-2024-47397 affects FXC AE1021 and AE1021PE with firmware 2.0.10 and earlier. The root cause is a weak authentication mechanism that can be bypassed by an undocumented specific string. Documented impacts in the sources describe a bypass of authentication, with no details on exploit vectors bey...
CVE-2024-47397
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string...
CVE-2024-36832
A NULL pointer dereference in D-Link DAP-1513 REVAFIRMWARE1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it wil...