Apache Superset - Authentication Bypass

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

Gitea Container Registry - Unauthorized Private Image Access

Gitea = 1.26.2. As a temporary workaround, set REQUIRESIGNINVIEW=true in gitea app.ini, though this blocks all anonymous access including public repos. reference: - https://blog.gitea.com/release-of-1.26.2/ - https://github.com/go-gitea/gitea/pull/37290 -...

MLflow Job API - Authentication Bypass

MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...

D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution

man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...

Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForSingleFile endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC...

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

QNAP Music Station < 5.4.0 - Authentication Bypass

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...

Cisco Secure Firewall ASA & FTD - Authentication Bypass

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should...

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...

JetBrains TeamCity > 2023.11.3 - Authentication Bypass

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible id: CVE-2024-23917 info: name: JetBrains TeamCity 2023.11.3 - Authentication Bypass author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before 2023.11.3...

Flowise 1.6.5 - Authentication Bypass

The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. id: CVE-2024-31621 info: name: Flowise 1.6.5 - Authentication Bypass author: DhiyaneshDK severity: high description: | The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. impact: |...

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping...

Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass

Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for...

WAVLINK - Access Control

Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform...

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

rConfig 3.9 - Authentication Bypass(Admin Login)

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. id: CVE-2020-13638 info: name: rConfig 3.9 - Authentication BypassAdmin Login author: theamanrawat severity: critical description: |...