384 matches found

BDU FSTEC
added 2024/12/02 12:0 a.m. · 11 views

The vulnerability of the SAP NetWeaver AS Java software integration platform lies in the absence of authentication procedures, which allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of SAP NetWeaver AS Java software-based integration platforms is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely compromise the confidentiality and integrity of the protected information...

CVSS 6.5 · AI score 5.5 · EPSS 0.0026
Exploits 0 · References 3

OSV
added 2024/11/29 8:15 a.m. · 3 views

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

CVSS 8.2 · AI score 5.8 · EPSS 0.0043
Exploits 0 · References 1

BDU FSTEC
added 2024/11/29 12:0 a.m. · 5 views

The vulnerability of hybrid cloud solutions for managing thin clients in the Dell Wyse Management Suite lies in the absence of authentication procedures. This allows attackers to trigger service interruptions and delete arbitrary files.

The vulnerability of the hybrid cloud solution for managing thin clients in the Dell Wyse Management Suite is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to cause service interruptions and delete arbitrary files...

CVSS 6.6 · AI score 5.6 · EPSS 0.00385
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/11/26 12:0 a.m. · 10 views

Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD Security Vulnerability

The Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD are both industrial-grade wireless access points (APs) from Advantech, China. A security vulnerability exists in Advantech EKI-6333AC-2G version 1.6.3 and earlier, EKI-6333AC-2GD version v1.6.3 and earlier, and EKI-6333AC-1GPO version v1.2.1...

CVSS 9.8 · AI score 9.5 · EPSS 0.01026
Exploits 0 · References 1

OSV
added 2024/11/22 8:15 p.m. · 7 views

CVE-2024-5721

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...

CVSS 8.1 · AI score 6.4 · EPSS 0.0583
Exploits 0 · References 2

OSV
added 2024/11/22 4:15 p.m. · 2 views

CVE-2024-38643

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1

CNNVD
added 2024/11/22 12:0 a.m. · 4 views

QNAP Systems Notes Station Security Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a missing authentication vulnerability that stems from the inclusion of ...

CVSS 9.8 · AI score 7.1 · EPSS 0.00933
Exploits 0 · References 1

Positive Technologies
added 2024/11/14 12:0 a.m. · 6 views

PT-2024-33302 · Unknown · Ventilator Software Tools

Name of the Vulnerable Software and Affected Versions: Ventilator software tools (affected versions not specified). Description: The software tools used by service personnel to test and calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the...

CVSS 10 · AI score 6.3 · EPSS 0.00676
Exploits 0 · References 5

BDU FSTEC
added 2024/11/05 12:0 a.m. · 6 views

The vulnerability of the OPC server WorkstationST, related to the lack of authentication for critical functions, allows attackers to write or overwrite files on the configuration server.

The vulnerability of the OPC server WorkstationST is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to remotely write or overwrite configuration files on the server...

CVSS 9.7 · AI score 5.5
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/11/01 2:17 p.m. · 28 views

CVE-2024-39664 WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability

Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Filter & Grids: from n/a through 2.8.33...

CVSS 7.3 · EPSS 0.00399
Exploits 0 · References 1

BDU FSTEC
added 2024/10/31 12:0 a.m. · 7 views

The vulnerability of the Microsoft Dataverse data management platform is related to the absence of authentication procedures and allows unauthorized access to protected information.

The vulnerability of the Microsoft Dataverse data management platform is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 8.6 · AI score 5.8 · EPSS 0.01076
Exploits 0 · References 5

BDU FSTEC
added 2024/10/21 12:0 a.m. · 6 views

The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software lies in the lack of authentication for a critical function. This allows an intruder to execute arbitrary commands and cause malfunctions in the device's operation.

The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and cause malfunctions in the system...

CVSS 6.8 · AI score 5.9 · EPSS 0.00215
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/10/18 8:15 a.m. · 3 views

CVE-2023-6055

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...

CVSS 7.4 · AI score 5.5 · EPSS 0.00239
Exploits 0 · References 1

BDU FSTEC
added 2024/10/15 12:0 a.m. · 10 views

The vulnerability of the microprogramming software of Moxa devices such as EDR-8010, EDR-G9004, EDR-G9010, EDR-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 stems from the absence of authentication for a critical function. This allows attackers to gain full access to the device's configuration.

The vulnerability of the microprogramming software in Moxa devices such as EDR-8010, EDR-G9004, EDR-G9010, EDR-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 lies in the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to...

CVSS 9.7 · AI score 8.1 · EPSS 0.00504
Exploits 0 · References 2 · Affected Software 7

OSV
added 2024/09/26 4:15 a.m. · 4 views

CVE-2023-52949

Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors...

CVSS 5.5 · AI score 5.8 · EPSS 0.00176
Exploits 0 · References 1

OSV
added 2024/09/04 4:15 p.m. · 6 views

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

CVSS 8.8 · AI score 5.8 · EPSS 0.00445
Exploits 0 · References 1

CNNVD
added 2024/08/27 12:0 a.m. · 4 views

Hitachi Energy MicroSCADA X SYS600 Security Vulnerability

Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. A security vulnerability exists in Hitachi Energy MicroSCADA ...

CVSS 9.8 · AI score 6.5 · EPSS 0.00546
Exploits 0 · References 2

Positive Technologies
added 2024/08/23 12:0 a.m. · 5 views

PT-2024-29899 · Homepage · Homepage

Name of the Vulnerable Software and Affected Versions: Homepage version 0.9.1. Description: The default setup of Homepage is vulnerable to DNS rebinding due to the lack of certificate and authentication. An attacker can exploit this by changing the DNS records of their domain to the internal IP...

CVSS 6.5 · AI score 6.8 · EPSS 0.00245
Exploits 0 · References 9

BDU FSTEC
added 2024/07/24 12:0 a.m. · 11 views

The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.

The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...

CVSS 6.8 · AI score 7.1 · EPSS 0.00524
Exploits 1 · References 2

Patchstack
added 2024/07/22 3:17 a.m. · 5 views

WordPress Getwid – Gutenberg Blocks plugin <= 2.0.10 - Missing Authentication to API key update vulnerability

Missing Authentication to API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions <= 2.0.10...

CVSS 4.3 · AI score 7 · EPSS 0.00378
Exploits 0 · References 1 · Affected Software 1