Lucene search
K

2966 matches found

BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.5 views

The vulnerability of the proxy server of the cloud messaging and Apache Pulsar streaming platform allows attackers to expose sensitive information and cause service failures.

The vulnerability of a cloud messaging and Apache Pulsar streaming service’s proxy server lies in the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker to disclose protected information and cause service failures...

8.5CVSS7.5AI score0.01765EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/04/05 2:45 p.m.111 views

CVE-2024-31218

CVE-2024-31218 affects Webhood backend up to version 0.9.0, where the Pocketbase admin API can be invoked unauthenticated to create an admin account when none exists. The issue arises from Missing Authentication for a Critical Function and makes deployments vulnerable unless an admin account alre...

9.8CVSS9.6AI score0.00715EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/05 2:45 p.m.17 views

CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

9.8CVSS7.3AI score0.00715EPSS
Exploits0References2
Veracode
Veracode
added 2024/04/03 11:33 a.m.28 views

Missing Authentication

apacheairflow is vulnerable to Missing Authentication. The vulnerability due to lack of authentication enforcement on the lineage endpoint of the deprecated Experimental API, allows unauthenticated users to access the endpoint, potentially exposing metadata about a Directed Acyclic Graph DAG and...

5.3CVSS6.9AI score0.04555EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2024/04/02 3:49 p.m.26 views

CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...

4.8CVSS5.3AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2024/04/02 3:49 p.m.62 views

CVE-2024-22247

CVE-2024-22247 — VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access during activation could potentially access BIOS configuration and exploit the default boot priority. The issue is documented with a moderate base sc...

4.8CVSS7.2AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/02 10:27 a.m.15 views

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...

5.2CVSS5.6AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2024/04/02 10:27 a.m.51 views

CVE-2023-6949

CVE-2023-6949 affects the HTTP service on DJI Mavic Mini 3 Pro. A Missing Authentication for Critical Function vulnerability on port 80 allows an attacker to enumerate and download videos and pictures stored in drone memory without authentication. Connected sources corroborate the issue and ident...

5.2CVSS6.9AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.5 views

PT-2024-3861 · Vmware · Vmware Sd-Wan Edge

Name of the Vulnerable Software and Affected Versions: VMware SD-WAN Edge affected versions not specified Description: The issue is related to a missing authentication and protection mechanism in the VMware SD-WAN Edge appliance. A malicious actor with physical access to the appliance during...

4.8CVSS6.7AI score0.00215EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2024/04/01 9:17 p.m.10 views

CVE-2023-51571 Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability

Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/01 9:17 p.m.28 views

CVE-2023-51571 Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability

Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...

7.5CVSS7.8AI score0.00667EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.44 views

PT-2024-2606 · Dji · Dji Mavic Mini 3 Pro

Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro affected versions not specified Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...

5.5CVSS7.3AI score0.00236EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.4 views

WordPress Plugin Word Replacer Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS6.7AI score0.00498EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/16 12:0 a.m.8 views

Simple JWT Security Vulnerability

Simple JWT is Jazzband open source a JSON Web Token authentication plugin for Django REST Framework. Simple JWT version 5.3.1 and earlier versions have a security vulnerability , the vulnerability stems from the lack of user authentication checks through the foruser method . An attacker can explo...

5.5CVSS6.8AI score0.00804EPSS
Exploits3References6
NVD
NVD
added 2024/03/12 9:15 a.m.37 views

CVE-2024-25995

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...

9.8CVSS10AI score0.01404EPSS
Exploits0References2
CVE
CVE
added 2024/03/12 8:10 a.m.86 views

CVE-2024-25995

CVE-2024-25995 involves PHOENIX CONTACT CHARX SEC-3000 (CHARX Series) AC charge controllers. The root cause is an input-validation/authentication flaw in critical functions, allowing an unauthenticated attacker to modify configurations and trigger remote code execution. Affected product versions ...

9.8CVSS9.9AI score0.01404EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/03/12 8:10 a.m.43 views

CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...

9.8CVSS10AI score0.01404EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/12 8:10 a.m.22 views

CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...

9.8CVSS9.9AI score0.01404EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.217 views

TPC-110W Missing Authentication

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/03 12:0 a.m.317 views

TPC-110W - Missing Authentication for Critical Function

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

7.4AI score
Exploits0
Rows per page
Query Builder