29 matches found
Versa Concerto Actuator Endpoint - Authentication Bypass
An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...
EUVD-2024-2198
Malicious code in bioql PyPI...
EUVD-2022-42681
Malicious code in bioql PyPI...
EUVD-2024-17384
Malicious code in bioql PyPI...
CVE-2025-34140 ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix
An authorization bypass vulnerability exists in ETQ Reliance legacy CG and NXG SaaS platforms. By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration ...
CVE-2025-47158
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-49536 ColdFusion | Incorrect Authorization (CWE-863)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...
CVE-2025-48804 Windows BitLocker Security Feature Bypass Vulnerability
...
CVE-2025-21264
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2025-27538 MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users
Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...
CVE-2025-24315 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can add devices of other users to their scenes or arbitrary scenes of other arbitrary users...
CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections i.e., "scenes"...
CVE-2025-31357 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain a user's plant list by knowing the username...
CVE-2025-30288 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code...
PT-2025-15657 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0, 2023.12, 2021.18 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...
PT-2025-15648 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p4 through 2.4.8-beta2 and earlier Description: The issue is related to an improper access control vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to...
CVE-2024-8954 Authentication Bypass in composiohq/composio
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
Azure Linux 3.0 Security Update: opensc (CVE-2023-40660)
The version of opensc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40660 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by...
CVE-2021-32030
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
...