CVE-2025-30665 Zoom Workplace Apps for Windows - NULL Pointer Dereference
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access...
CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
CVE-2025-3931 Yggdrasil: local privilege escalation in yggdrasil
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
IBM i Trust Management Issues Vulnerabilities
IBM i is a suite of operating systems from International Business Machines (IBM) running on IBM Power Systems and IBM PureSystems. IBM i is vulnerable to a trust management vulnerability that stems from improper handling of IBM i Netserver authentication. No details of the vulnerability are...
Alibaba Cloud Linux 3 : 0110: cups (ALINUX3-SA-2023:0110)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0110 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32360: An authentication issue was address...
CVE-2024-23815
The CVE-2024-23815 entry concerns Siemens Desigo CC. Affected: Desigo CC server (all versions) where Installed Clients can reach the server from networks outside a highly protected zone, or only within highly protected zones. Issue: the server fails to authenticate certain client requests, allowi...
PT-2025-21090 · Intel · Intel Slim Bootloader
Name of the Vulnerable Software and Affected Versions: Intel(R) Slim Bootloader (affected versions not specified). Description: The issue is related to improper authentication in the firmware, which may allow a privileged user to potentially enable escalation of privilege via local access...
PT-2025-21111 · Intel · Intel Tiber Edge Platform Edge Orchestrator
Name of the Vulnerable Software and Affected Versions: Intel(R) Tiber™ Edge Platform Edge Orchestrator software (affected versions not specified). Description: The issue concerns incorrect execution-assigned permissions for some Edge Orchestrator software, potentially allowing an authenticated user to...
CVE-2025-3506
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and...
CVE-2025-46826
insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited...
CVE-2025-3272
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4...
CVE-2025-3759
CVE-2025-3759 affects WF2220. The documented vulnerability is that the endpoint /cgi-bin-igd/netcore_set.cgi, used to change device configuration, is accessible without authentication due to a missing access control check. Root cause: lack of authentication enforcement on configuration changes. R...
PT-2025-20382 · Telemessage · Telemessage Archiving Backend
Name of the Vulnerable Software and Affected Versions: TeleMessage archiving backend versions through 2025-05-05. Description: The issue concerns the acceptance of API calls from the TM SGNL (aka Archive Signal) app to request an authentication token, using hardcoded credentials. The credentials use...
PT-2025-20370 · Danfoss · Danfoss Ak-Sm 8Xxa Series
Name of the Vulnerable Software and Affected Versions: Danfoss AK-SM 8xxA Series versions prior to 4.2. Description: The issue is related to an improper authentication vulnerability in the Danfoss AKSM8xxA Series. This vulnerability affects the Danfoss AK-SM 8xxA Series prior to version 4.2...
CVE-2025-20973
Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder...
PT-2025-20291 · Opentext · Opentext Operations Bridge Manager
Name of the Vulnerable Software and Affected Versions: OpenText Operations Bridge Manager versions 2023.05, 23.4, 24.2, 24.4. Description: The issue is related to an Incorrect Authorization vulnerability that could allow privilege escalation by authenticated users. Recommendations: For versions...
PT-2025-19906 · Peprodev · Peprodev Ultimate Profile Solutions
Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions versions 1.9.1 through 7.5.2. Description: The issue is related to the lack of proper authentication in the handel ajax req function, specifically with the change user meta functionality. This allows attacke...
PT-2025-19970 · Unknown · Passport-Wsfed-Saml2
Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3. Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding...
PT-2025-19971 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns an improper implementation of authentication logic in the file system module. Successful exploitation of this issue may affect service confidentiality. Recommendations: At...