CVE-2022-0384

The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog...

CVE-2022-26724

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication...

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file which can be created via an rsync backdoor causes all API calls to execute as admin without authentication...

CVE-2019-18246

BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure...

CVE-2019-20461

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol...

CVE-2019-20595

An issue was discovered on Samsung mobile devices with P9.0 software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 July 2019...

CVE-2019-20565

An issue was discovered on Samsung mobile devices with O8.x and P9.0 software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 September 2019...

CVE-2020-7244

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. In some cases, authentication can be achieved with the comtech password for the...

CVE-2020-23058

An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data...

CVE-2020-10971

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...

CVE-2020-24987

Tenda AC18 Router through V15.03.05.05EN and through V15.03.05.196318 CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck function in /usr/lib/lua/ngxauthserver/ngxwdas.lua file if the administrator UI Interface is set to "radius"...

CVE-2024-34092

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 6.14.0.3 is also a fixed release...

CVE-2024-41587

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6...

CVE-2023-29056

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined...

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...

CVE-2023-31189

Improper authentication in some IntelR Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access...

CVE-2022-42473

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password...

CVE-2022-31026

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...

CVE-2022-26421

Uncontrolled search path element in the IntelR oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-12874

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server...