CVE-2025-40566
CVE-2025-40566 affects Siemens SIMATIC PCS neo: v4.1 up to but excluding Update 3, and v5.0 up to but excluding Update 1. The root cause is improper invalidation of user sessions on logout, allowing a remote, unauthenticated attacker who obtained a legitimate session token to reuse that session a...
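The session-reuse weakness described above, as an added example that is not Siemens' code: a minimal server-side session store with two logout handlers. The weak one only tells the client to drop its cookie and leaves the server-side record valid until expiry, so a token copied earlier can be replayed; the fixed one deletes the record on logout. The store, user name and handler names are illustrative assumptions.

```python
"""
Added example (not Siemens' code): why logout must revoke the session on
the server, not just clear the client cookie. Session store layout, user
names and handler names are assumptions for illustration.
"""
import secrets
import time
from typing import Dict, Optional


class SessionStore:
    """In-memory session table keyed by an opaque random token."""

    def __init__(self, ttl_seconds: int = 3600):
        self._sessions: Dict[str, dict] = {}
        self._ttl = ttl_seconds

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires": time.time() + self._ttl}
        return token

    def authenticate(self, token: str) -> Optional[str]:
        """Return the user bound to token, or None if unknown/expired."""
        entry = self._sessions.get(token)
        if entry is None or entry["expires"] < time.time():
            self._sessions.pop(token, None)
            return None
        return entry["user"]

    def logout_vulnerable(self, token: str) -> dict:
        # Weak pattern: only the client is told to forget its cookie. The
        # server-side record stays valid until TTL expiry, so anyone holding
        # a copy of the token keeps an authenticated session.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_fixed(self, token: str) -> dict:
        # Correct pattern: delete the server-side record so the token is
        # rejected from now on, even if it was captured before logout.
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def replay_after_logout(logout_name: str) -> bool:
    """Simulate an attacker who copied a legitimate token before the victim
    logged out and replays it afterwards. Returns True if the replay is
    still accepted, i.e. the session was not invalidated server-side."""
    store = SessionStore()
    token = store.login("operator")
    stolen = token  # constructed: attacker captured the token via log/proxy
    getattr(store, logout_name)(token)  # victim logs out
    return store.authenticate(stolen) is not None


if __name__ == "__main__":
    print("vulnerable logout, replay accepted:", replay_after_logout("logout_vulnerable"))
    print("fixed logout, replay accepted:     ", replay_after_logout("logout_fixed"))
```

The check a tester would run against a real system is the same shape: log in, copy the session cookie, log out in the browser, then replay the copied cookie against an authenticated endpoint; a 200 after logout means the server never revoked the session.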
CVE-2025-43010
SAP S/4HANA (Cloud Private Edition or On-Premise), SCM Master Data Layer (MDL), allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...
CVE-2025-3218
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access...
CVE-2025-26401
CVE-2025-26401 affects JTEKT ELECTRONICS HMI ViewJet C-more series (weak encoding for password). A local authenticated attacker could obtain authentication information via this weakness. CVSSv3.0 base score 6.5 (LOCAL, LOW PR, HIGH confidentiality impact). Public references indicate the issue is ...
CVE-2025-1639
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...
CVE-2022-47501
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07...
CVE-2024-12510 LDAP Authentication Server Pass-back attack
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...
PT-2025-4229 · Microsoft · Account
Name of the Vulnerable Software and Affected Versions: Microsoft Account (affected versions not specified). Description: Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. The issue is classified as CWE-862 (Missing Authorization), which can...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-7106-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7106-1 advisory. It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with request...
Mozilla Firefox for iOS cross-site scripting vulnerability (CNVD-2024-36717)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox for iOS suffers from a cross-site scripting vulnerability that is triggered by long-pressing a download link. An attacker can exploit this vulnerability to steal the victim's...
iperf3: vulnerable to the Marvin attack if the authentication option is used
A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
CVE-2024-2013
CVE-2024-2013 describes an authentication bypass in the FOXMAN-UN/UNEM server and its API Gateway, enabling unauthenticated interaction with services and the post-authentication surface. The vulnerability is tracked in multiple feeds (NVD, Red Hat, CVE List, ICS advisories) with CVSS v3.1 metrics ...
CVE-2023-5504
Summary (CVE-2023-5504) The BackWPup WordPress backup plugin is affected by a directory traversal vulnerability in versions up to and including 4.0.1, exploitable via the Log File Folder. The underlying issue allows an authenticated attacker with plugin access to store backups in arbitrary server...
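The directory traversal described above, as an added example that is not the BackWPup plugin's code: a user-controlled "log folder" setting joined onto a base directory without a containment check, beside a version that normalises the result and rejects anything outside the base. The base directory and sample settings are constructed for illustration.

```python
"""
Added example (not BackWPup's code): validating a user-supplied folder
setting so it cannot escape the intended base directory. The base path
and the sample settings below are constructed for illustration.
"""
import os
from pathlib import Path
from typing import Optional

# Assumed base directory under which backup/log folders must stay.
BASE_DIR = "/srv/wordpress/wp-content/uploads/backwpup"


def naive_log_folder(base_dir: str, user_value: str) -> str:
    """The weak pattern: join the setting onto the base and use the result.
    '..' segments walk out of the base, and an absolute value replaces it
    entirely (os.path.join discards earlier parts on an absolute component)."""
    return os.path.normpath(os.path.join(base_dir, user_value))


def escapes_base(base_dir: str, user_value: str) -> bool:
    """True when the naive join lands outside base_dir, i.e. traversal."""
    joined = naive_log_folder(base_dir, user_value)
    base = os.path.normpath(base_dir)
    # commonpath is segment-aware, so a sibling such as 'backwpup_evil'
    # does not pass the way a plain startswith() check would let it.
    return os.path.commonpath([base, joined]) != base


def safe_log_folder(base_dir: str, user_value: str) -> Optional[str]:
    """Return the normalised folder if it stays under base_dir, else None.
    resolve() collapses '..' and follows symlinks on both sides so the
    comparison is done on canonical paths; relative_to() raises when the
    candidate is not inside base."""
    base = Path(base_dir).resolve()
    candidate = (base / user_value).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return str(candidate)


if __name__ == "__main__":
    # Constructed settings: one benign, the rest attempts to leave the base.
    for setting in ["logs", "../../../../etc", "/var/www", "../backwpup_evil"]:
        print(f"{setting!r:22} naive -> {naive_log_folder(BASE_DIR, setting)}"
              f"  escapes={escapes_base(BASE_DIR, setting)}"
              f"  safe -> {safe_log_folder(BASE_DIR, setting)}")
```

The same containment check applies to any setting that names a filesystem location (backup destination, log folder, export path): canonicalise first, then compare by path segment against the allowed root, and reject rather than "correct" a value that falls outside it.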
MGASA-2023-0315 Updated squid packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846); Denial of Service in HTTP Digest Authentication (CVE-2023-46847); Denial of Service in FTP (CVE-2023-46848)...
CVE-2022-47501
CVE-2022-47501 affects Apache OFBiz versions before 18.12.07. It is an arbitrary (local) file reading vulnerability via the Solr plugin, described as a pre-authentication (unauthenticated) attack. The issue allows reading arbitrary server filesystem files through the Solr plugin debug endpoint, po...