154 matches found
EUVD-2023-45870
Malicious code in bioql PyPI...
EUVD-2024-50423
Malicious code in bioql PyPI...
EUVD-2023-44757
Malicious code in bioql PyPI...
EUVD-2025-6853
Malicious code in bioql PyPI...
Exploit for CVE-2015-4335
This is a PoC exploit for CVE-2015-4335, a Redis Lua sandbox escape and arbitrary code execution vulnerability. The tool, named redischeck, checks a Redis instance for security vulnerabilities. It performs three checks: 1 if the AUTH command is set, 2 if the CONFIG command has been renamed, and 3...
CVE-2025-20983
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-25026
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check...
CVE-2025-25026 IBM Security Guardium information disclosure
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check...
CVE-2025-25026
CVE-2025-25026 affects IBM Guardium Data Protection (IBM Guardium Data Protection 12.0; also listed for 12.1 in the bulletin). Root cause: an incorrect authentication check allows an authenticated user to obtain sensitive information (information disclosure). CVSS: 4.3 (Med) with Network attack v...
PT-2025-23046 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 12.0 Description: The issue allows an authenticated user to obtain sensitive information due to an incorrect authentication check. Recommendations: For IBM Security Guardium version 12.0, consider restricting...
CVE-2019-10668
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly...
GHSA-RPG2-JVHP-H354 Yggdrasil Vulnerable to Local Privilege Escalation
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
PT-2025-15232
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.3.0 Description Langflow is susceptible to unauthenticated remote code execution RCE due to missing authentication in the /api/v1/validate/code endpoint. A remote attacker can send crafted HTTP requests containing...
Citrix Application Probe fails with "Enumeration Failed"
ProbeAgent.txt on probe machine will show logging similar to the following: 2023-12-11 11:00:21,068 5 INFO - Starting probe job. DesktopId: Win10 Azure Desktop, Name: Win10 Desktop, Config Id: 1, Browser Name: Win10 Azure Desktop 2023-12-11 11:00:21,068 5 INFO - Running reachability check...
CVE-2025-23194
Summary (CVE-2025-23194) : SAP NetWeaver Enterprise Portal OBN has a missing authentication check for a specific configuration setting. This allows a non-authenticated user to alter the setting to an undesired value, resulting in a low integrity impact. No confidentiality or availability impact i...
CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...
CVE-2020-6287
SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...
CVE-2020-26829
SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...
CVE-2024-9821
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function CWE-306 in the FortiManager...