Total: 3455 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2013-0625 | 4 (Adobe, Apple, Microsoft and 1 more) | 4 (Coldfusion, Mac Os X, Windows and 1 more) | 2024-07-16 | 6.8 MEDIUM | 9.8 CRITICAL | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
CVE-2024-38433 | 1 (Nuvoton) | 8 (Npcm705r, Npcm705r Firmware, Npcm710r and 5 more) | 2024-07-15 | N/A | 6.7 MEDIUM | Nuvoton - CWE-305: Authentication Bypass by Primary Weakness. An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock, which could lead to arbitrary code execution.
CVE-2024-30299 | 1 (Adobe) | 1 (Framemaker Publishing Server) | 2024-07-15 | N/A | 9.8 CRITICAL | Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.
CVE-2024-5432 | 1 (Webinane) | 1 (Lifeline Donation) | 2024-07-15 | N/A | 9.8 CRITICAL | The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
CVE-2024-6397 | 1 (Instawp) | 1 (Instawp Connect) | 2024-07-12 | N/A | 9.8 CRITICAL | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery.
CVE-2024-38099 | 1 (Microsoft) | 6 (Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more) | 2024-07-11 | N/A | 5.9 MEDIUM | Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-6235 | | | 2024-07-11 | N/A | N/A | Sensitive information disclosure in NetScaler Console
CVE-2024-29849 | | | 2024-07-11 | N/A | 9.8 CRITICAL | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to the enterprise manager web interface.
CVE-2024-23767 | | | 2024-07-11 | N/A | 8.8 HIGH | An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations.
CVE-2024-39723 | 1 (Ibm) | 1 (Storage Virtualize) | 2024-07-11 | N/A | 4.6 MEDIUM | IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
CVE-2024-34103 | 1 (Adobe) | 3 (Commerce, Commerce Webhooks, Magento) | 2024-07-09 | N/A | 8.1 HIGH | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.
CVE-2024-20900 | 1 (Samsung) | 1 (Android) | 2024-07-05 | N/A | 3.3 LOW | Improper authentication in the MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
CVE-2024-39830 | 1 (Mattermost) | 1 (Mattermost) | 2024-07-05 | N/A | 5.9 MEDIUM | Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens, which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.
CVE-2024-20890 | 1 (Samsung) | 1 (Android) | 2024-07-05 | N/A | 8.8 HIGH | Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
CVE-2024-20889 | 1 (Samsung) | 1 (Android) | 2024-07-05 | N/A | 4.3 MEDIUM | Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
CVE-2024-1573 | | | 2024-07-05 | N/A | 5.9 MEDIUM | Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: Active Directory is used in the security setting; the “Automatic log in” option is enabled in the security setting; the IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account; and the IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in.
CVE-2024-37019 | | | 2024-07-03 | N/A | 9.8 CRITICAL | Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
CVE-2024-34093 | | | 2024-07-03 | N/A | 5.3 MEDIUM | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when the X-Forwarded-For header is enabled.
CVE-2024-33110 | | | 2024-07-03 | N/A | 9.1 CRITICAL | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.
CVE-2024-23251 | 1 (Apple) | 4 (Ipados, Iphone Os, Macos and 1 more) | 2024-07-03 | N/A | 4.6 MEDIUM | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.