1849 matches found
CVE-2025-25016
CVE-2025-25016: Kibana suffers an Unrestricted File Upload weakness due to insufficient server-side validation, allowing an authenticated attacker to compromise software integrity by uploading a crafted file. Affected versions include Kibana 7.17.x before 7.17.19 and 8.0.x before 8.13.0. The issu...
CVE-2025-24206
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication polic...
CVE-2025-46627
CVE-2025-46627 concerns a weak-credentials issue in the Tenda RX2 Pro. Affected: Tenda RX2 Pro with firmware 16.03.30.14. Description from multiple sources: an unauthenticated attacker can authenticate to the Telnet service by deriving the root password from easily obtainable device information, ...
PT-2025-18691 · Kunbus · Kunbus Revolution Pi OS
Name of the Vulnerable Software and Affected Versions: KUNBUS Revolution Pi OS Bookworm 01/2025 Description: The issue arises because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server, where the...
CVE-2025-46557
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administrati...
CVE-2025-46557
Summary: CVE-2025-46557 affects XWiki platforms from multiple lines of release streams (15.3-rc-1 up to before 15.10.14; 16.0.0-rc-1 up to before 16.4.6; 16.5.0-rc-1 up to before 16.10.0-rc-1). A user who can view pages in the XWiki space can access XWiki.Authentication.Administration and, unless...
Any user with view access to the XWiki space can change the authenticator
Impact: A user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administration and, unless an authenticator is set in xwiki.cfg, switch to another installed authenticator. Note that, by default, there is only one authenticator available...
(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the...
CVE-2025-29906 Finit bundled getty can bypass /bin/login
Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...
CVE-2025-24206
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication polic...
CVE-2025-24206
CVE-2025-24206 is an AirPlay-related authentication bypass affecting Apple devices and AirPlay SDK–enabled products. Public sources confirm local-network access enables bypass of authentication with high impact when combined with other AirPlay vulnerabilities. Affected and fixed versions include ...
CVE-2025-27538
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not...
CVE-2025-28232
Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication...
CVE-2025-32377
Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the...
CVE-2025-3627
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA)...
CVE-2025-3625
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)...