Total
3293 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0905 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2024-05-17 | N/A | 7.5 HIGH |
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. | |||||
CVE-2022-1101 | 1 Event Management System Project | 1 Event Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability. | |||||
CVE-2015-10083 | 1 Harrys | 1 Dynosaur-rails | 2024-05-17 | N/A | 9.8 CRITICAL |
A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503. | |||||
CVE-2014-125060 | 1 Collabcal Project | 1 Collabcal | 2024-05-17 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | |||||
CVE-2022-26504 | 1 Veeam | 1 Veeam Backup & Replication | 2024-05-09 | 9.0 HIGH | 8.8 HIGH |
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe. | |||||
CVE-2024-4601 | | | 2024-05-07 | N/A | N/A |
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. | |||||
CVE-2023-0813 | 1 Redhat | 2 Enterprise Linux, Network Observability | 2024-05-03 | N/A | 7.5 HIGH |
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. | |||||
CVE-2023-4641 | 2 Redhat, Shadow-maint | 9 Codeready Linux Builder, Codeready Linux Builder For Arm64, Codeready Linux Builder For Ibm Z Systems and 6 more | 2024-05-03 | N/A | 5.5 MEDIUM |
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clean the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory. | |||||
CVE-2024-4303 | | | 2024-04-29 | N/A | 8.8 HIGH |
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP. | |||||
CVE-2023-51482 | | | 2024-04-25 | N/A | N/A |
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2. | |||||
CVE-2023-51484 | | | 2024-04-25 | N/A | N/A |
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3.8. | |||||
CVE-2023-51471 | | | 2024-04-24 | N/A | N/A |
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | |||||
CVE-2023-51472 | | | 2024-04-24 | N/A | N/A |
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | |||||
CVE-2023-51477 | | | 2024-04-24 | N/A | N/A |
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyBoss Theme: from n/a through 2.4.60. | |||||
CVE-2023-28540 | 1 Qualcomm | 304 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq5053-aa and 301 more | 2024-04-12 | N/A | 7.5 HIGH |
Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | |||||
CVE-2023-21626 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8017 and 367 more | 2024-04-12 | N/A | 7.1 HIGH |
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | |||||
CVE-2022-33242 | 1 Qualcomm | 314 Aqt1000, Aqt1000 Firmware, Ar8031 and 311 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. | |||||
CVE-2022-40536 | 1 Qualcomm | 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | |||||
CVE-2022-40521 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to improper authorization in Modem. | |||||
CVE-2018-7760 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 7.5 HIGH | 9.8 CRITICAL |
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. |