377 matches found
PT-2024-20474 · Allegro Ai · Clearml
Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform (affected versions not specified)
Description: The issue is related to a lack of authentication in the fileserver component, allowing a remote attacker to access, create, modify, and delete files without proper...
A vulnerability in the Photos component of the macOS operating system, caused by missing authentication for a critical function, allows an attacker to access the “Photos Album” without authentication.
The vulnerability in the macOS operating system is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to access the “Photos Album” without being authenticated...
Vulnerabilities in the API interfaces of the firmware for thermal scanning systems such as FeverWarn ESP32, FeverWarn RaspberryPi, and FeverWarn DataHub RaspberryPi allow attackers to gain unauthorized access to protected information.
The vulnerability in the API interfaces of the firmware for thermal scanning systems such as FeverWarn ESP32, FeverWarn RaspberryPi, and FeverWarn DataHub RaspberryPi involves the absence of authentication procedures for critical functions. Exploiting this vulnerability could allow ...
PT-2024-1434 · Unknown · Machinesense +3
Name of the Vulnerable Software and Affected Versions:
MachineSense (affected versions not specified)
FeverWarn ESP32 (affected versions not specified)
FeverWarn RaspberryPi (affected versions not specified)
FeverWarn DataHub RaspberryPi (affected versions not specified)
Description: The cloud provider...
A vulnerability in the HNAP1 interface of the D-Link DIR-822 router firmware allows an attacker to gain access to administrator accounts with empty passwords.
The vulnerability in the HNAP1 interface of the D-Link DIR-822 router firmware is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to access administrator accounts with empty passwords...
WordPress Plugin Contact Form Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-6368
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold...
ProLion CryptoSpike Security Vulnerability
ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from a lack of authentication in the internal data flow system...
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access Vulnerabilities
Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities.
+ CVE: CVE-2023-46380, CVE-2023-46381, CVE-2023-46382
+ Title: Multiple vulnerabilities in...
PT-2023-7609 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified)
Description: The issue is related to the incorrect implementation of the sequence of actions in the Quarkus Java framework's WebSocket technology, resulting from insufficient access restriction when...
A vulnerability in the firmware of the LS ELECTRIC XBC-DN32U programmable logic controller lies in the lack of authentication for a critical function. This allows attackers to escalate their privileges and gain control over the device.
The vulnerability in the firmware of the LS ELECTRIC XBC-DN32U programmable logic controller lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker to escalate their privileges and gain control over the device...
CVE-2023-30969
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints...
A vulnerability in the HNAP interface of the D-Link DAP-1325 wireless signal booster firmware allows an intruder to execute arbitrary code.
The vulnerability in the HNAP interface of the D-Link DAP-1325 wireless signal booster firmware exists due to the lack of authentication checks before access to functions is granted. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-36669
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit IDU before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit TPU within the IDU by sending crafte...
CVE-2023-3028
Insufficient authentication in the MQTT backend broker allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: - The MQTT...
PT-2023-24779 · Bmc · Bmc Patrol
Name of the Vulnerable Software and Affected Versions: BMC Patrol versions through 23.1.00
Description: An issue was discovered where the agent's configuration can be remotely modified, and by default, authentication is not required. Some configuration fields related to SNMP, such as...
CVE-2023-0116
The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability...
CBOT Chatbot Access Control Error Vulnerability
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a lack of origin authentication in WebSockets and allows content spoofing via the application API...
PT-2023-19027 · T&D +1 · Tr-71W/72W +7
Name of the Vulnerable Software and Affected Versions:
T&D Corporation data logger products versions TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions
ESPEC MIC CORP. data logger products versio...