FreeBSD : MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication (5b87eef6-52aa-11f0-b522-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5b87eef6-52aa-11f0-b522-b42e991fc52e advisory. NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper...
CVE-2021-4457
The CVE-2021-4457 entry corresponds to the ZoomSounds WordPress plugin, where versions prior to 6.05 contain a PHP file that allows unauthenticated arbitrary file uploads to the web server. This is the root cause and the primary impact is high confidentiality and integrity risk due to potential r...
CVE-2025-52570
CVE-2025-52570 affects the Letmein port-knock implementation. Before version 10.2.1, the connection limiter is implemented incorrectly, allowing an arbitrary number of simultaneous incoming connections (TCP, UDP, and Unix socket) for the services letmeind and letmeinfwd. The num-connections optio...
CVE-2025-44528
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LLPauseEncReq packet during the authentication and connection phase, causing a Denial of Service (DoS)...
PT-2025-26647 · 70Mai · 70Mai 1S
Name of the Vulnerable Software and Affected Versions: 70mai 1S up to 20250611 Description: A problematic issue has been found in the Video Services component, leading to improper authentication. This issue requires access to the local network to be exploited, has a high complexity, and is...
PT-2025-26651
Name of the Vulnerable Software and Affected Versions: 70mai M300 up to 20250611 Description: A vulnerability has been found in the RTSP Live Video Stream Endpoint of the 70mai M300, affecting an unknown functionality of the file /livestream/12. This leads to improper authentication. The attack...
CVE-2025-32879
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device...
CVE-2025-32877
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...
PT-2025-26329 · Ibm · Ibm Spectrum Protect Server
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Server versions 8.1 through 8.1.26 Description: The issue is related to improper session authentication, which can allow an attacker to bypass authentication. This can result in access to unauthorized resources...
CVE-2025-6240 Profisee Path Traversal Vulnerability
Improper Input Validation vulnerability in Profisee on Windows filesystem modules allows Path Traversal after authentication to the Profisee system. This issue affects Profisee: from 2020R1 before 2024R2...
TencentOS Server 2: cups (TSSA-2023:0164)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0164 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 3: cups (TSSA-2023:0213)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0213 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2024-38825
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
CVE-2024-37394
A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...
CVE-2025-49006
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
CVE-2025-3461
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through versi...
Nautobot may allow uploaded media files to be accessible without authentication
Impact: Files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...
PT-2025-24686 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.10; Nautobot versions prior to 1.6.32. Description: The issue concerns Nautobot, a Network Source of Truth and Network Automation Platform. Files uploaded by users to Nautobot's MEDIA_ROOT directory can be retriev...