Total: 3293 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-09-05 | N/A | 7.8 HIGH |
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | |||||
CVE-2024-7346 | 1 Progress | 1 Openedge | 2024-09-05 | N/A | 4.8 MEDIUM |
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation. | |||||
CVE-2024-7745 | 1 Progress | 1 Ws Ftp Server | 2024-09-04 | N/A | 8.1 HIGH |
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. | |||||
CVE-2023-52161 | 1 Intel | 1 Inet Wireless Daemon | 2024-08-29 | N/A | 7.5 HIGH |
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key. | |||||
CVE-2024-42462 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2022-4861 | 1 M-files | 1 M-files Client | 2024-08-28 | N/A | 4.9 MEDIUM |
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows a high-privileged user to get other users' tokens to another resource. | |||||
CVE-2024-42336 | 1 Servision | 1 Ivg Webmax | 2024-08-27 | N/A | 9.8 CRITICAL |
Servision - CWE-287: Improper Authentication | |||||
CVE-2024-25313 | 1 Code-projects | 1 Simple School Management System | 2024-08-26 | N/A | 8.8 HIGH |
Code-projects Simple School Management System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. | |||||
CVE-2024-43409 | 1 Ghost | 1 Ghost | 2024-08-26 | N/A | 6.5 MEDIUM |
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | |||||
CVE-2024-41800 | 1 Craftcms | 1 Craft Cms | 2024-08-26 | N/A | 7.5 HIGH |
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3. | |||||
CVE-2024-4784 | 1 Gitlab | 1 Gitlab | 2024-08-23 | N/A | 5.4 MEDIUM |
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | |||||
CVE-2024-22394 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2024-08-22 | N/A | 9.8 CRITICAL |
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | |||||
CVE-2024-7746 | 1 Traccar | 1 Traccar | 2024-08-22 | N/A | 9.8 CRITICAL |
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability. | |||||
CVE-2024-28200 | 1 N-able | 1 N-central | 2024-08-22 | N/A | 9.8 CRITICAL |
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild. | |||||
CVE-2024-5012 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | N/A | 8.6 HIGH |
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library. | |||||
CVE-2024-37028 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-20 | N/A | 5.3 MEDIUM |
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2024-5805 | 1 Progress | 1 Moveit Gateway | 2024-08-20 | N/A | 9.1 CRITICAL |
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0. | |||||
CVE-2024-25157 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2024-08-19 | N/A | 6.5 MEDIUM |
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification. | |||||
CVE-2024-24496 | 1 Remyandrade | 1 Daily Habit Tracker | 2024-08-19 | N/A | 9.8 CRITICAL |
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. | |||||
CVE-2024-37367 | 1 Rockwellautomation | 1 Factorytalk View | 2024-08-16 | N/A | 7.5 HIGH |
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification. |