Total: 3320 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28666 | 1 Yikesinc | 1 Custom Product Tabs For Woocommerce | 2024-09-16 | N/A | 5.3 MEDIUM |
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 for WordPress, leading to &yikes-the-content-toggle option update. | |||||
CVE-2021-45036 | 1 Velneo | 1 Vclient | 2024-09-16 | N/A | 7.4 HIGH |
Velneo vClient in its 28.1.3 version could allow an attacker with knowledge of the victim's username and hashed password to spoof the victim's ID against the server. | |||||
CVE-2023-40660 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-16 | N/A | 6.6 MEDIUM |
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. | |||||
CVE-2024-6582 | | | 2024-09-14 | N/A | 6.5 MEDIUM |
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. | |||||
CVE-2024-45113 | 1 Adobe | 1 Coldfusion | 2024-09-13 | N/A | 7.5 HIGH |
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-45823 | | | 2024-09-12 | N/A | 8.1 HIGH |
An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. | |||||
CVE-2023-6155 | 1 Ays-pro | 1 Quiz Maker | 2024-09-12 | N/A | 5.3 MEDIUM |
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | |||||
CVE-2024-23470 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-11 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables. | |||||
CVE-2024-23465 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. | |||||
CVE-2024-23471 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | |||||
CVE-2024-38225 | | | 2024-09-10 | N/A | 8.8 HIGH |
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
CVE-2023-37226 | | | 2024-09-10 | N/A | 9.8 CRITICAL |
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. | |||||
CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-10 | N/A | 7.1 HIGH |
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343. | |||||
CVE-2023-44152 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2024-09-10 | N/A | 9.1 CRITICAL |
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
CVE-2024-7015 | | | 2024-09-09 | N/A | N/A |
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2. | |||||
CVE-2024-40713 | | | 2024-09-09 | N/A | 7.8 HIGH |
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | |||||
CVE-2023-45038 | | | 2024-09-09 | N/A | 4.3 MEDIUM |
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later. | |||||
CVE-2024-30939 | | | 2024-09-06 | N/A | 6.8 MEDIUM |
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. | |||||
CVE-2024-7593 | 1 Ivanti | 1 Virtual Traffic Management | 2024-09-06 | N/A | 9.8 CRITICAL |
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | |||||
CVE-2024-37408 | | | 2024-09-06 | N/A | 7.3 HIGH |
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd. |
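The lunary-ai/lunary entry (CVE-2024-6582) in the table above describes why a cross-organisation write to IdP settings ends in account takeover once a victim's email is known. The Python model below is an added example and is not lunary's `saml.ts` or any other code from that project: the `SsoStore` class, its HMAC-signed toy assertions, the organisation names and the user email are all constructed for illustration. It runs the same attack against a handler that trusts the organisation id carried in the request and against one that checks it against the caller's session.

```python
"""Cross-organisation IdP takeover, as a constructed model (not lunary's code).

An SSO store keeps one IdP signing secret per organisation. Login trusts an
assertion signed with the secret of the org named in the assertion. If the
endpoint that updates IdP settings does not check that the caller belongs to
the org it is writing to, any tenant can point another org's IdP at a secret
they control and then mint assertions for any email in that org.
"""
import hashlib
import hmac
import json


class SsoStore:
    def __init__(self):
        # Constructed sample data: two tenants, each with its own IdP secret,
        # and one known user in the victim organisation.
        self.idp_secret = {"org-a": b"secret-a", "org-b": b"secret-b"}
        self.users = {("org-b", "alice@org-b.example"): "user-42"}

    # Vulnerable: trusts the target org id supplied with the request.
    def update_idp_vulnerable(self, session_org, target_org, new_secret):
        self.idp_secret[target_org] = new_secret

    # Hardened: the caller may only touch its own organisation's IdP record.
    def update_idp_hardened(self, session_org, target_org, new_secret):
        if session_org != target_org:
            raise PermissionError("IdP settings belong to another organisation")
        self.idp_secret[target_org] = new_secret

    def login_sso(self, assertion, signature):
        """Accept a toy assertion {org, email} signed with that org's IdP secret."""
        body = json.dumps(assertion, sort_keys=True).encode()
        org = assertion["org"]
        expected = hmac.new(self.idp_secret[org], body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("bad assertion signature")
        return self.users.get((org, assertion["email"]))


def mint_assertion(secret, org, email):
    """What an attacker-controlled IdP does: sign whatever email it likes."""
    assertion = {"org": org, "email": email}
    body = json.dumps(assertion, sort_keys=True).encode()
    return assertion, hmac.new(secret, body, hashlib.sha256).hexdigest()


def takeover_via(update):
    """Run the attack against one of the two update handlers.

    Returns the user id the attacker ends up logged in as, or None if the
    handler refused the cross-organisation write.
    """
    store = SsoStore()
    attacker_secret = b"attacker-controlled"
    try:
        # The attacker's session belongs to org-a but targets org-b's IdP.
        update(store, "org-a", "org-b", attacker_secret)
    except PermissionError:
        return None
    # From here the attacker only needs to know a victim email in org-b.
    assertion, sig = mint_assertion(attacker_secret, "org-b", "alice@org-b.example")
    return store.login_sso(assertion, sig)


if __name__ == "__main__":
    print("vulnerable handler logs attacker in as:", takeover_via(SsoStore.update_idp_vulnerable))
    print("hardened handler logs attacker in as:  ", takeover_via(SsoStore.update_idp_hardened))
```

The point of the model is that the authorization check belongs on the write to the IdP record, not on the later login: once the IdP secret is attacker-controlled, every SSO login for that organisation validates correctly by construction.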
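For the fprintd entry (CVE-2024-37408), the practical question on a given host is which PAM services can be satisfied by pam_fprintd.so alone, including when the module arrives through an `include`, `substack` or `@include` of a shared file such as common-auth. The audit below is an added example and is not part of fprintd or of any distribution's tooling; `SAMPLE_PAM_D` is a constructed stand-in for the contents of /etc/pam.d and `PRIVILEGED` is an assumed list of services worth flagging.

```python
"""Audit PAM service stacks for pam_fprintd.so (added example, not fprintd's code).

Resolves include/substack/@include directives so a module pulled in through a
shared file is attributed to every service that uses it, then reports services
where pam_fprintd.so can satisfy the auth stack on its own: control
`sufficient`, or a bracket control containing success=done (the expansion of
`sufficient`).
"""
import re

# Constructed stand-in for /etc/pam.d: file name -> file contents.
SAMPLE_PAM_D = {
    "common-auth": (
        "# constructed sample; a Debian-style shared auth stack\n"
        "auth\tsufficient\tpam_fprintd.so\n"
        "auth\t[success=1 default=ignore]\tpam_unix.so nullok\n"
        "auth\trequisite\tpam_deny.so\n"
    ),
    "sudo": "@include common-auth\n@include common-account\n",
    "su": "auth\tsufficient\tpam_rootok.so\nauth\tsubstack\tcommon-auth\n",
    "gdm-fingerprint": "auth\trequired\tpam_fprintd.so\n",
    "sshd": "auth\t[success=1 default=ignore]\tpam_unix.so\n",
}
# Assumed list of services that should not accept a fingerprint on its own.
PRIVILEGED = {"sudo", "su", "sshd", "polkit-1"}

_LINE = re.compile(
    r"^(?P<type>-?\w+)\s+(?P<ctrl>\[[^\]]*\]|\w+)\s+(?P<mod>\S+)(?P<args>.*)$"
)


def iter_auth_lines(files, service, _seen=None):
    """Yield (control, module) for every auth line reachable from `service`."""
    seen = set() if _seen is None else _seen
    if service in seen or service not in files:
        return
    seen.add(service)
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "@include" and len(parts) > 1:
            yield from iter_auth_lines(files, parts[1], seen)
            continue
        m = _LINE.match(line)
        if not m or m.group("type").lstrip("-") != "auth":
            continue
        if m.group("ctrl") in ("include", "substack"):
            yield from iter_auth_lines(files, m.group("mod"), seen)
        else:
            yield m.group("ctrl"), m.group("mod")


def fprintd_can_satisfy_auth(ctrl):
    """True if this control lets the module alone satisfy the auth stack."""
    if ctrl == "sufficient":
        return True
    if ctrl.startswith("["):
        return re.search(r"\bsuccess=done\b", ctrl) is not None
    return False


def audit(files, privileged=PRIVILEGED):
    """Return {service: control} where pam_fprintd.so alone passes auth.

    With privileged=None every service is reported; otherwise only the
    services in `privileged`.
    """
    findings = {}
    for service in files:
        for ctrl, mod in iter_auth_lines(files, service):
            if mod.endswith("pam_fprintd.so") and fprintd_can_satisfy_auth(ctrl):
                findings.setdefault(service, ctrl)
    if privileged is None:
        return findings
    return {s: c for s, c in findings.items() if s in privileged}


if __name__ == "__main__":
    for service, ctrl in sorted(audit(SAMPLE_PAM_D).items()):
        print(f"{service}: pam_fprintd.so is '{ctrl}' for auth")
```

On a real host, replace `SAMPLE_PAM_D` with the files read from /etc/pam.d. In the constructed sample, sudo and su are both reported even though neither names pam_fprintd.so directly, which is exactly the case a grep of /etc/pam.d/sudo alone would miss.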