Lucene search
K

29 matches found

Nuclei
Nuclei
added 22 hours ago61 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...

9.2CVSS7.1AI score0.83479EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-2198

Malicious code in bioql PyPI...

8.2CVSS8AI score0.00791EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-42681

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00768EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-17384

Malicious code in bioql PyPI...

8.2CVSS8.3AI score0.00701EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/22 12:34 p.m.15 views

CVE-2025-34140 ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix

An authorization bypass vulnerability exists in ETQ Reliance legacy CG and NXG SaaS platforms. By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration ...

8.7CVSS0.00641EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/20 6:1 p.m.12 views

CVE-2025-47158

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

9CVSS6.3AI score0.00668EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 8:49 p.m.7 views

CVE-2025-49536 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...

7.3CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 4:57 p.m.8 views

CVE-2025-48804 Windows BitLocker Security Feature Bypass Vulnerability

...

6.8CVSS0.00548EPSS
Exploits1References1
NVD
NVD
added 2025/05/13 5:15 p.m.7 views

CVE-2025-21264

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS0.00629EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 7:45 a.m.56 views

CVE-2025-27538 MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...

2.2CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 9:57 p.m.22 views

CVE-2025-24315 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can add devices of other users to their scenes or arbitrary scenes of other arbitrary users...

6.9CVSS0.00568EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 9:5 p.m.5 views

CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can obtain restricted information about a user's smart device collections i.e., "scenes"...

6.9CVSS5.5AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 8:21 p.m.10 views

CVE-2025-31357 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a user's plant list by knowing the username...

6.9CVSS5.4AI score0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 8:2 p.m.15 views

CVE-2025-30288 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code...

8.2CVSS0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.3 views

PT-2025-15657 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0, 2023.12, 2021.18 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...

8.2CVSS9AI score0.00308EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.8 views

PT-2025-15648 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p4 through 2.4.8-beta2 and earlier Description: The issue is related to an improper access control vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to...

5.3CVSS6.2AI score0.00468EPSS
Exploits0References10
OSV
OSV
added 2025/03/20 10:10 a.m.3 views

CVE-2024-8954 Authentication Bypass in composiohq/composio

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...

9.8CVSS7.2AI score0.00817EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.11 views

Azure Linux 3.0 Security Update: opensc (CVE-2023-40660)

The version of opensc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40660 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by...

6.6CVSS6.7AI score0.00925EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/08 4:43 a.m.9 views

CVE-2021-32030

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...

9.8CVSS7.3AI score0.99393EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/14 6:3 p.m.52 views

CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability

...

7.1CVSS6.9AI score0.02169EPSS
Exploits0References1
Rows per page
Query Builder