Total: 1125 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-5253 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | N/A | 7.5 HIGH | A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain asset data without authentication. Malicious unauthenticated users with knowledge of the underlying system may be able to extract asset information.
CVE-2024-2076 | | | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
CVE-2023-6949 | | | 2024-05-17 | N/A | 5.2 MEDIUM | A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone's internal or external memory without requiring any kind of authentication.
CVE-2023-6221 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-05-17 | N/A | 6.5 MEDIUM | The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others, is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.
CVE-2023-49617 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-05-17 | N/A | 9.1 CRITICAL | The MachineSense application programming interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.
CVE-2023-3104 | 1 Unitree | 2 A1, A1 Firmware | 2024-05-17 | N/A | 7.5 HIGH | Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.
CVE-2023-2231 | 1 Max-tech | 2 Max-g866ac, Max-g866ac Firmware | 2024-05-17 | 10.0 HIGH | 9.8 CRITICAL | A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-0906 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455.
CVE-2022-4229 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-05-17 | N/A | 9.8 CRITICAL | A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.
CVE-2022-4228 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-05-17 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.
CVE-2022-46463 | 1 Linuxfoundation | 1 Harbor | 2024-05-17 | N/A | 7.5 HIGH | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
CVE-2022-38168 | 1 Avaya | 4 Scopia Pathfinder 10 Pts, Scopia Pathfinder 10 Pts Firmware, Scopia Pathfinder 20 Pts and 1 more | 2024-05-17 | N/A | 9.1 CRITICAL | Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.
CVE-2021-45420 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2024-05-17 | 10.0 HIGH | 9.8 CRITICAL | Emerson Dixell XWEB-500 products are affected by an arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.
CVE-2024-30391 | | | 2024-05-16 | N/A | 4.8 MEDIUM | A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally, but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device, transit traffic is going to fail in both directions. If the peer is an also affected device, transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: all versions before 20.4R3-S7; 21.1 versions before 21.1R3; 21.2 versions before 21.2R2-S1, 21.2R3; 21.3 versions before 21.3R1-S2, 21.3R2.
CVE-2024-20391 | | | 2024-05-15 | N/A | 6.8 MEDIUM | A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.
CVE-2024-27942 | | | 2024-05-14 | N/A | 7.5 HIGH | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user from performing actions in the system, causing a denial of service situation.
CVE-2023-27532 | 1 Veeam | 1 Veeam Backup & Replication | 2024-05-09 | N/A | 7.5 HIGH | A vulnerability in the Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVE-2022-26501 | 1 Veeam | 1 Veeam Backup & Replication | 2024-05-09 | 10.0 HIGH | 9.8 CRITICAL | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
CVE-2024-2860 | | | 2024-05-08 | N/A | 7.8 HIGH | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
CVE-2023-37325 | | | 2024-05-08 | N/A | 5.4 MEDIUM | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104.