93 matches found
Mars: Publicly accessible `█████████` endpoint exposing internal user identifiers and email addresses
A publicly accessible JSON API endpoint was found to expose sensitive user information, including internal identifiers and email addresses. The vulnerability was classified as an information disclosure issue with a medium severity rating. The problem was remediated by implementing proper...
PT-2025-30921 · Iroad · Iroad Dash Cam Fx2
Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 affected versions not specified Description: The IROAD Dashcam FX2 lacks authentication controls on its HTTP and RTSP interfaces, potentially allowing attackers to retrieve sensitive files and video recordings, and view live...
CVE-2025-20242
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...
CVE-2025-20242
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...
CVE-2025-20242
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...
PT-2025-22392 · Cisco · Cisco Unified Contact Center Enterprise
Name of the Vulnerable Software and Affected Versions: Cisco Unified Contact Center Enterprise CCE affected versions not specified Description: A vulnerability in the Cloud Connect component could allow an unauthenticated, remote attacker to read and modify data on an affected device due to a lac...
PT-2025-17288
Name of the Vulnerable Software and Affected Versions ASUS AiCloud affected versions not specified Description A critical authentication control issue exists in ASUS AiCloud, potentially allowing attackers to bypass authentication and execute unauthorized functions on affected devices remotely. T...
CVE-2023-46694
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...
CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
CVE-2024-11668
CVE-2024-11668 affects GitLab CE/EE, with versions 16.11–16.11.x before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. The issue allows long‑lived connections to bypass authentication controls and gain unauthorized access to streaming results. The provided connected documents describe the vu...
CVE-2024-11668 Insufficient Session Expiration in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...
CVE-2024-11668 Insufficient Session Expiration in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...
CVE-2024-11668 Insufficient Session Expiration in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...
CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...
Authentication Bypass
flowise is vulnerable to Authentication Bypass. The vulnerability is due to inadequate authentication controls that fail to properly verify user credentials, allowing unauthenticated attackers to access administrator-level API endpoints...
CVE-2024-36132
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources...
CVE-2024-36132
Ivanti Endpoint Manager for Mobile (EPMM) before 12.1.0.1 exposes an authentication-control verification weakness that allows a remote attacker to bypass authentication and access sensitive resources. Affected product/version: EPMM prior to 12.1.0.1. Root cause: insufficient verification of authe...
Denial Of Service (DoS)
silverstripe/framework is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient authentication controls in the dev/build system controller, which could allow unauthorized users to trigger the dev/build process and potentially causing resource exhaustion and disrupting...
CVE-2023-46694
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...
PT-2024-13371 · Vtenext +1 · Vtenext +1
Name of the Vulnerable Software and Affected Versions: Vtenext version 21.02 Description: The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication...