CVE-2024-47130 Missing Authentication for Critical Function in goTenna Pro
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols...
CVE-2024-44202
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication...
CVE-2024-44202
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication...
CVE-2024-44202
CVE-2024-44202 affects Safari Private Browsing on Apple iOS 18 and iPadOS 18. It is described as an authentication issue where Private Browsing tabs could be accessed without authentication. The root cause is cited as issues with state management, and its remediation is described as resolved by improved ...
CVE-2024-39924
An issue was discovered in Vaultwarden (formerly BitwardenRS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate...
PT-2024-28736 · Unknown · Vaultwarden
Name of the Vulnerable Software and Affected Versions: Vaultwarden (formerly Bitwarden RS) version 1.30.3. Description: A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an...
ZyXEL GS1510-16 Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZyXEL GS1510-16 Password Extractor', 'Description' = %q This module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin...
CVE-2024-42490
authentik (open-source Identity Provider) exposes certain API endpoints without proper authentication/authorization. Affected endpoints include /api/v3/crypto/certificatekeypairs//view_certificate/, /api/v3/crypto/certificatekeypairs//view_private_key/, and /api/v3/.../used_by/, where access depe...
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
CVE-2024-42559
An issue in the login component processlogin.php of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password...
PT-2024-30566 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 4.46.0 through 5.89.4. Description: The issue is related to improper authentication on some endpoints used for member actions, allowing an attacker to perform member-only actions and read member information. Recommendations: For...
MTN Group: OTP code Leaked in API Response
The application allowed users to sign up for device insurance. When getting a quote, an OTP code was sent to the user's phone number for authentication, but the same OTP code was also returned in the API response...
CVE-2024-40778
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be viewed without authentication...
CVE-2024-40778
The CVE-2024-40778 issue is an authentication-related flaw fixed by Apple in macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6, and iOS 16.7.9 / iPadOS 16.7.9. The root cause is described as an authentication issue mitigated by improved state management, with the consequence that Photos in the Hidden Phot...
PT-2024-5295 · Progress · Progress Moveit Transfer
Name of the Vulnerable Software and Affected Versions: Progress MOVEit Transfer versions 2023.0.0 through 2023.0.11; Progress MOVEit Transfer versions 2023.1.0 through 2023.1.6; Progress MOVEit Transfer versions 2024.0.0 through 2024.0.2. Description: The issue is related to improper authentication ...
USN-6910-1 activemq vulnerabilities
Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7559) Peter Stöckli discovered that Apache ActiveMQ...
Important: openssh
Issue Overview: A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler call...
CVE-2024-6579 Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification
The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...