CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...

CVE-2024-40778

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication...

CVE-2024-34596

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner...

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials...

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVE-2024-45168

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable...

CVE-2024-6911

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0...

CVE-2024-44202

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication...

CVE-2024-28405

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMSFuntion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges...

CVE-2024-22399

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...

CVE-2024-53855

Centurion ERP Enterprise Rescource Planning is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management ITSM modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they...

CVE-2024-35183

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

CVE-2024-54542

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication...

CVE-2024-54450

An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the possibly forged IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP addres...

CVE-2024-11668

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...

CVE-2024-47865

Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device...

CVE-2024-10971

Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission...

CVE-2024-9629

The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with...

CVE-2023-40401

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication...

CVE-2023-23867

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...