Authentication Bypass
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing.6.2-20250805. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_modules' function in all versions up to, and including, 2.56. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Rated high severity (CVSS 7.2). No vendor patch available.
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers.07.2025. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mitigation bypass in the Web Compatibility: Tooling component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Spoofing issue in the WebAuthn component in Firefox for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Same-origin policy bypass in the Layout component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an unauthorized access vulnerability in ZTE T5400. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
The Sparkle framework includes a helper tool Autoupdate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
The Sparkle framework includes an XPC service, Downloader.xpc; by default this service is private to the application it's bundled with. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers.4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was resolved by blocking unsigned services from launching on Intel Macs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks to prevent unauthorized actions. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue existed in the handling of environment variables. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved entitlements. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An authorization issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed by adding additional logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Openfire is an XMPP server licensed under the Open Source Apache License. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking.0 version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in newbee-mall 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing.6.2-20250805. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_modules' function in all versions up to, and including, 2.56. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Rated high severity (CVSS 7.2). No vendor patch available.
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers.07.2025. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mitigation bypass in the Web Compatibility: Tooling component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Spoofing issue in the WebAuthn component in Firefox for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Same-origin policy bypass in the Layout component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an unauthorized access vulnerability in ZTE T5400. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
The Sparkle framework includes a helper tool Autoupdate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
The Sparkle framework includes an XPC service, Downloader.xpc; by default this service is private to the application it is bundled with. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers.4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was resolved by blocking unsigned services from launching on Intel Macs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks to prevent unauthorized actions. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue existed in the handling of environment variables. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved entitlements. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An authorization issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed by adding additional logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high-privileged (such as admin) sessions and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Openfire is an XMPP server licensed under the Open Source Apache License. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking.0 version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in newbee-mall 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.