Lucene search
K

42 matches found

BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.7 views

The vulnerability of the Desigo CC software platform lies in the lack of authentication for critical functions, allowing attackers to execute arbitrary code by sending specially crafted network requests.

The vulnerability of the Desigo CC software platform is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted network requests...

7.8CVSS6AI score0.00469EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/06/05 12:0 a.m.12 views

The vulnerability of the JetBrains YouTrack project and task management software, related to the lack of authentication for a critical function, allows attackers to gain unauthorized access to protected information.

The vulnerability of the JetBrains YouTrack project and task management software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.3CVSS5.5AI score0.00313EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:48 a.m.3 views

CVE-2023-30969

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints...

8.2CVSS6.8AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:41 p.m.8 views

CVE-2021-35979

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication...

8.1CVSS6.8AI score0.00858EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.7 views

CVE-2020-5910

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System NATS messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized...

7.5CVSS6.9AI score0.01154EPSS
Exploits0References1
NVD
NVD
added 2025/05/21 5:15 p.m.16 views

CVE-2025-20242

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...

9.1CVSS0.05008EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.6 views

Novel-Plus 访问控制错误漏洞

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. Novel-Plus has an access control error vulnerability that stems from a lack of authentication...

7.5CVSS5.5AI score0.00673EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/03/07 1:10 a.m.6 views

CVE-2025-24924

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...

9.8CVSS7.4AI score0.00522EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.4 views

Netgear C7800 安全漏洞

The NETGEAR C7800 is a wireless router from NETGEAR. A security vulnerability exists in the Netgear C7800 that stems from a lack of basic authentication and transport security, which could allow credentials to be stolen via a man-in-the-middle attack...

6.4CVSS6.5AI score0.00288EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/11/23 12:0 a.m.5 views

NVIDIA Base Command Manager 安全漏洞

NVIDIA Base Command Manager is a base command manager from NVIDIA Corporation. A security vulnerability exists in NVIDIA Base Command Manager that stems from a lack of authentication, successful exploitation of which could lead to code execution, denial of service, privilege escalation, informati...

9.8CVSS8.7AI score0.00886EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/13 12:0 a.m.8 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the lack of authentication procedures, which allows a perpetrator to execute arbitrary codes or commands.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or scripts by sending specially crafted HTTP requests o...

6.8CVSS5.9AI score0.00542EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.6 views

The vulnerability of the HTTP service of DJI Mavic Mini 3 Pro microprogramming software allows a intruder to gain unauthorized access to protected information.

The vulnerability of the HTTP service in DJI Mavic Mini 3 Pro microprogrammed software systems is related to the absence of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

5.5CVSS5.5AI score0.00236EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.8 views

The vulnerability in the Dapr Dashboard’s web interface relates to the lack of authentication for critical functions, allowing attackers to influence the confidentiality of protected information.

The vulnerability in the Dapr Dashboard’s web interface is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to influence the confidentiality of the protected information...

7.8CVSS7.2AI score0.02941EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.3 views

PT-2023-9595

Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 9.0.0 and prior Description The issue is related to a lack of authentication for a critical function in the Connector/Python component of MySQL Connectors, allowing a low-privileged attacker with network access via...

7.7CVSS7AI score0.00517EPSS
Exploits0References23
BDU FSTEC
BDU FSTEC
added 2023/11/09 12:0 a.m.6 views

Vulnerability of the qsmremove_file_fd_question function in the Quiz And Survey Master plugin of the WordPress content management system, allowing a user to delete any files they want.

Vulnerability of the qsmremovefilefdquestion function in the Quiz And Survey Master plugin of the WordPress content management system: This vulnerability is related to the lack of authentication checks for a critical function. Exploiting this vulnerability could allow an attacker to remotely dele...

10CVSS7.8AI score0.02034EPSS
Exploits5References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.5 views

The vulnerability of Git servers in Soft Serve mode, related to the absence of authentication procedures, allows attackers to bypass the authentication process.

The vulnerability of Git servers in Soft Serve mode is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...

7.8CVSS7.2AI score0.0089EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.7 views

The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions, allowing attackers to circumvent established security restrictions.

The vulnerability of the Apache ShenYu software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to circumvent established security restrictions remotely...

7.8CVSS7.2AI score0.03771EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/11/03 12:0 a.m.5 views

HCL Software HCL Domino 安全漏洞

HCL Software HCL Domino is an application software from India HCL Software. It provides a platform for application development. HCL Software HCL Domino has a security vulnerability that arises from a lack of security measures such as authentication, access control, and privilege management in a...

5.4AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.4 views

The vulnerability of the Cisco Application Services Engine software’s key storage mechanism lies in the lack of authentication for critical functions. This allows attackers to gain access to certain services on vulnerable devices.

The vulnerability of the Cisco Application Services Engine software’s key storage mechanism is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to gain access to a specific service on a vulnerable device...

10CVSS8.1AI score0.0225EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/07/23 12:0 a.m.9 views

The vulnerability of the Java RMI voice portal interface of Cisco Unified Customer Voice Portal allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Java RMI voice portal of Cisco Unified Customer Voice Portal is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

5.3CVSS6.3AI score0.01577EPSS
Exploits0References2
Rows per page
Query Builder