2931 matches found

CNNVD
added 2025/01/02 12:0 a.m. · 3 views

WordPress plugin IMPress Listings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 8.7 · EPSS 0.00311
Exploits: 0 · References: 1

CNNVD
added 2025/01/02 12:0 a.m. · 2 views

WordPress plugin Dragfy Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 5.4 · AI score 8.3 · EPSS 0.00357
Exploits: 0 · References: 1

CNNVD
added 2025/01/02 12:0 a.m. · 3 views

WordPress plugin Gallery Images Ape security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 4.3 · AI score 6.6 · EPSS 0.00316
Exploits: 0 · References: 1

OSV
added 2024/12/23 5:13 p.m. · 3 views

CVE-2024-53275 GHSL-2024-091: DNS rebinding attack in home-gallery

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...

CVSS 5.3 · AI score 7
Exploits: 0 · References: 1

VulnCheck KEV
added 2024/12/18 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-23227

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

CVSS 10 · AI score 7.4 · EPSS 0.49431
Exploits: 1 · References: 1

CISA KEV Catalog
added 2024/12/18 12:0 a.m. · 24 views

NUUO NVRmini2 Devices Missing Authentication Vulnerability

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

CVSS 10 · AI score 9.7 · EPSS 0.49431
In wild · Exploits: 1

Positive Technologies
added 2024/12/16 12:0 a.m. · 2 views

PT-2025-3127 · Acronis · Acronis True Image

Name of the Vulnerable Software and Affected Versions: Acronis True Image macOS versions before build 41725; Acronis True Image Windows versions before build 41736. Description: The issue is related to sensitive information disclosure due to missing authentication. This affects the ability to prote...

CVSS 4 · AI score 6.6 · EPSS 0.00176
Exploits: 0 · References: 6

BDU FSTEC
added 2024/12/16 12:0 a.m. · 2 views

The vulnerability of the Veeam Backup Enterprise Manager management service, a component of Veeam Backup & Replication, which protects cloud-based, virtual, and physical systems, allows attackers to escalate their privileges and cause service interruptions.

The vulnerability of the Veeam Backup Enterprise Manager management service for cloud, virtual, and physical system protection solutions lies in the absence of an authentication process. Exploiting this vulnerability could allow attackers to increase their privileges and cause service interruptio...

CVSS 7.4 · AI score 7.2 · EPSS 0.00325
Exploits: 0 · References: 4 · Affected Software: 1

Veracode
added 2024/12/10 6:0 a.m. · 7 views

Missing Authentication For Critical Function

Synapse is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to improper access control, allowing unauthenticated remote participants to trigger downloads and caching of remote media, making it accessible from the local media repository without authentication...

CVSS 5.3 · AI score 6.7 · EPSS 0.00411
Exploits: 0 · References: 3 · Affected Software: 1

Snyk
added 2024/12/03 6:40 p.m. · 1 views

Missing Authentication for Critical Function

Overview: matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the unauthenticated writes to the media repository. An attacker can plant problematic content into the med...

CVSS 6.9 · AI score 6.4 · EPSS 0.00411
Exploits: 0 · References: 2

GithubExploit
added 2024/12/03 1:9 p.m. · 255 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

PoC Authentication Bypass MFA Really Simple Security WordPress...

CVSS 9.8 · AI score 7 · EPSS 0.81722
Exploits: 21

GithubExploit
added 2024/11/30 4:6 p.m. · 254 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

CVSS 9.8 · AI score 10 · EPSS 0.99698
Exploits: 15

The Hacker News
added 2024/11/29 9:34 a.m. · 13 views

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is...

CVSS 9.8 · AI score 8.8 · EPSS 0.01313
Exploits: 0

Cvelist
added 2024/11/29 6:3 a.m. · 14 views

CVE-2024-11980 Billion Electric router - Missing Authentication

Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device...

CVSS 8.6 · EPSS 0.00454
Exploits: 0 · References: 2

CVE
added 2024/11/29 6:3 a.m. · 67 views

CVE-2024-11980

CVE-2024-11980 describes a Missing Authentication vulnerability in multiple Billion Electric WiFi routers. Remote, unauthenticated attackers can access a specific router function to obtain partial device information, modify the WiFi SSID, and restart the device. The CVSS 3.1 vector (AV:N/A...

CVSS 8.6 · AI score 9.4 · EPSS 0.00454
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/29 6:3 a.m. · 13 views

CVE-2024-11980 Billion Electric router - Missing Authentication

Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device...

CVSS 8.6 · AI score 7 · EPSS 0.00454
Exploits: 0 · References: 2

Tenable Nessus
added 2024/11/29 12:0 a.m. · 7 views

Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8 · AI score 8.4 · EPSS 0.03079
Exploits: 1 · References: 4

Positive Technologies
added 2024/11/25 12:0 a.m. · 5 views

PT-2024-10778 · Unknown · Vivo Framework

Name of the Vulnerable Software and Affected Versions: Vivo Framework, affected versions not specified. Description: The issue is related to improper control of framework service permissions, which may lead to the leakage of some sensitive device information. It is also described as a missing...

CVSS 4.8 · AI score 7 · EPSS 0.00184
Exploits: 0 · References: 4

CISA KEV Catalog
added 2024/11/25 12:0 a.m. · 15 views

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...

CVSS 9.8 · AI score 7.2 · EPSS 0.67645
In wild · Exploits: 0

Cvelist
added 2024/11/22 11:21 p.m. · 21 views

CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVSS 9.8 · EPSS 0.00886
Exploits: 0 · References: 1