17 matches found
CVE-2018-18891
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete= because the authentication check occurs too late...
EUVD-2018-8537
Malware in sbrugna...
EUVD-2005-2404
Malware in sbrugna...
EUVD-2020-30294
Malware in sbrugna...
EUVD-2025-22261
Malicious code in bioql PyPI...
EUVD-2023-52363
Malicious code in bioql PyPI...
EUVD-2022-24740
Malicious code in bioql PyPI...
CVE-2025-32879
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device...
CVE-2025-3461
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through versi...
CVE-2019-15819
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rs_import_settings_php_function authentication...
PT-2025-19971 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns an improper implementation of authentication logic in the file system module. Successful exploitation of this issue may affect service confidentiality. Recommendations: At...
PT-2025-18124 · Apple · Macos Sonoma +7
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.4; tvOS versions prior to 18.4; macOS Ventura versions prior to 13.7.5; iPadOS versions prior to 17.7.6; macOS Sonoma versions prior to 14.7.5; iOS versions prior to 18.4; iPadOS versions prior to 18.4; visionOS versions...
CVE-2025-26363
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests...
CVE-2024-53171 ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit. After an insertion in TNC, the tree might split and cause a node to change its znode->parent. A further deletion of other nodes in the tree which also could free the...
CVE-2023-46096
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents...
PT-2023-24861 · Percona · Percona Monitoring/Management
Name of the Vulnerable Software and Affected Versions: Percona Monitoring and Management PMM server versions 2.x through 2.37.0. Description: The issue arises from the authenticate function in auth_server.go not properly formalizing and sanitizing URL paths, which fails to reject path traversal...
CVE-2002-0588
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php...