Lucene search
K

390 matches found

CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

Apache Kafka 安全漏洞

Apache Kafka is an open source distributed streaming platform from the Apache USA Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in the data stream. A security vulnerability exists in Apache Kafka versions 0.10.2.0 throu...

5.3CVSS6.2AI score0.0078EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.29 views

CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.02973EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/10/26 12:0 a.m.13 views

Fortinet FortiWeb Multiple vulnerabilities in the authentication mechanism of confd (FG-IR-21-130)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-130 advisory. - Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15,...

9.8CVSS8.5AI score0.01445EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.11 views

PT-2024-7496 · Red Hat · Red Hat 3Scale Api Management

Name of the Vulnerable Software and Affected Versions: Red Hat 3scale API Management affected versions not specified Description: A flaw in the authentication mechanism of Red Hat 3scale API Management allows unauthorized access to the backend. This occurs when a non-base64 'basic' auth with...

7.5CVSS7.5AI score0.00387EPSS
Exploits0References7
NVD
NVD
added 2024/10/17 3:15 p.m.18 views

CVE-2024-9683

A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the...

5.3CVSS0.00288EPSS
Exploits0References2
CVE
CVE
added 2024/10/04 12:13 p.m.62 views

CVE-2024-47652

The CVE-2024-47652 entry concerns Shilpi Client Dashboard, where the login module uses inadequate authentication, allowing an attacker to access any user account by supplying that user’s mobile number. This root cause implies a high-impact authentication weakness that could lead to full account c...

8.1CVSS8.1AI score0.00413EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2024/09/12 12:0 a.m.7 views

Siemens Mendix Runtime Information Disclosure Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in Siemens Mendix Runtime, which stems from the affected application's authentication...

6.9CVSS6.7AI score0.0044EPSS
Exploits0References1
NVD
NVD
added 2024/09/10 10:15 a.m.12 views

CVE-2023-49069

A vulnerability has been identified in Mendix Runtime V10 All versions V10.17.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.11 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All...

6.9CVSS0.0044EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/10 9:36 a.m.15 views

CVE-2023-49069

A vulnerability has been identified in Mendix Runtime V10 All versions V10.17.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.11 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All...

6.9CVSS5.4AI score0.0044EPSS
Exploits0References1
CVE
CVE
added 2024/09/10 9:36 a.m.49 views

CVE-2023-49069

The CVE relates to Mendix Runtime authentication: an observable response discrepancy when validating usernames in basic authentication allows unauthenticated remote attackers to distinguish valid vs invalid usernames. Affected versions include Mendix Runtime V8 (all versions < V8.18.33), V9 (&...

6.9CVSS5.4AI score0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/22 12:0 a.m.13 views

CVE-2024-45168

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable...

0.00691EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.19 views

CVE-2024-45168

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable...

7.1AI score0.00691EPSS
Exploits1References5
Veracode
Veracode
added 2024/08/01 8:21 a.m.5 views

SQL Injection

github.com/prest/prest is vulnerable to SQL Injection through the authentication mechanism. The vulnerability is due to improper input validation which allows an attacker to bypass security restrictions and execute unauthorized SQL commands by manipulating input...

8.8AI score
Exploits0
CVE
CVE
added 2024/07/23 4:50 p.m.355 views

CVE-2024-41178

Apache Arrow Rust Object Store (object_store crate)

7.5CVSS6.8AI score0.0071EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/07/15 7:38 p.m.54 views

CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...

5.3CVSS0.00394EPSS
Exploits0References2
NVD
NVD
added 2024/07/05 5:15 p.m.22 views

CVE-2024-27712

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism...

9.8CVSS0.00572EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/05 12:0 a.m.8 views

eSkooly Security Vulnerabilities

eSkooly is a free online school management software from eSkooly, Inc. A security vulnerability exists in eSkooly version 3.0, which stems from an issue that allows remote attackers to elevate privileges via an authentication mechanism...

9.8CVSS7.2AI score0.00564EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/05 12:0 a.m.16 views

CVE-2024-27712

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism...

7.4AI score0.00572EPSS
Exploits0References1
CVE
CVE
added 2024/07/05 12:0 a.m.54 views

CVE-2024-27712

CVE-2024-27712 affects Eskooly Free Online School management Software version 3.0 and earlier. The vulnerability exists in the User Account Management component of the authentication mechanism, enabling a remote attacker to escalate privileges. CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9...

9.8CVSS7.5AI score0.00572EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/07/05 12:0 a.m.51 views

CVE-2024-27710

Eskooly Free Online School management Software v3.0 and earlier is affected by a privilege escalation via the authentication mechanism. Root cause is in the authentication flow allowing remote attackers to escalate privileges. Exploitation status/components are not detailed in the provided docume...

9.8CVSS7.5AI score0.00564EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder