Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35670 | 1 Softlabbd | 1 Integrate Google Drive | 2024-08-01 | N/A | 9.8 CRITICAL |
| Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.93. | |||||
| CVE-2023-41264 | 1 Netwrix | 1 Usercube | 2024-08-01 | N/A | 9.8 CRITICAL |
| Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints). | |||||
| CVE-2022-36436 | 1 Osuosl | 1 Twisted Vnc Authentication Proxy | 2024-08-01 | N/A | 9.8 CRITICAL |
| OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server. | |||||
| CVE-2019-20464 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2024-08-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. | |||||
| CVE-2024-39767 | 1 Mattermost | 1 Mattermost Mobile | 2024-07-16 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications. | |||||
| CVE-2024-38433 | 1 Nuvoton | 8 Npcm705r, Npcm705r Firmware, Npcm710r and 5 more | 2024-07-15 | N/A | 6.7 MEDIUM |
| Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. | |||||
| CVE-2024-30299 | 1 Adobe | 1 Framemaker Publishing Server | 2024-07-15 | N/A | 9.8 CRITICAL |
| Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-5432 | 1 Webinane | 1 Lifeline Donation | 2024-07-15 | N/A | 9.8 CRITICAL |
| The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2024-6397 | 1 Instawp | 1 Instawp Connect | 2024-07-12 | N/A | 9.8 CRITICAL |
| The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery. | |||||
| CVE-2024-39723 | 1 Ibm | 1 Storage Virtualize | 2024-07-11 | N/A | 4.6 MEDIUM |
| IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. | |||||
| CVE-2024-34103 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-07-09 | N/A | 8.1 HIGH |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high. | |||||
| CVE-2024-20900 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 3.3 LOW |
| Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication. | |||||
| CVE-2024-20890 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 8.8 HIGH |
| Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior. | |||||
| CVE-2024-20889 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 4.3 MEDIUM |
| Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. | |||||
| CVE-2024-1573 | 2024-07-05 | N/A | N/A | ||
| Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. * The IcoAnyGlass IIS Application Pool account is included in GENESIS64TM and MC Works64 Security and has permission to log in. | |||||
| CVE-2024-34596 | 1 Samsung | 1 Smartthings | 2024-07-02 | N/A | 7.5 HIGH |
| Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. | |||||
| CVE-2024-37233 | 2024-06-24 | N/A | N/A | ||
| Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through 3.6.4. | |||||
| CVE-2024-35248 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-06-20 | N/A | 7.3 HIGH |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
| CVE-2024-3080 | 2024-06-17 | N/A | 9.8 CRITICAL | ||
| Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. | |||||
| CVE-2024-5658 | 1 Born05 | 1 Two-factor Authentication | 2024-06-11 | N/A | 6.5 MEDIUM |
| The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. | |||||