CVE-2024-11494 (v3: 7.5) 20 Nov 2024
**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could a... Read more ➔
CVE-2024-47533 18 Nov 2024
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability st... Read more ➔
CVE-2024-52518 15 Nov 2024
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be... Read more ➔
CVE-2024-11209 14 Nov 2024
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the compon... Read more ➔
CVE-2024-51996 13 Nov 2024
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, S... Read more ➔
CVE-2024-51997 8 Nov 2024
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) toke... Read more ➔
CVE-2024-10963 (v3: 6.5) 7 Nov 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to... Read more ➔
CVE-2024-9946 6 Nov 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versio... Read more ➔
CVE-2024-10114 (v3: 8.1) 5 Nov 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to... Read more ➔
CVE-2024-10097 (v3: 8.1) 5 Nov 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This i... Read more ➔
CVE-2024-49755 28 Oct 2024
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insuff... Read more ➔
CVE-2024-49757 25 Oct 2024
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check... Read more ➔
CVE-2024-49376 25 Oct 2024
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0.... Read more ➔
CVE-2024-7763 24 Oct 2024
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentia... Read more ➔
CVE-2024-9947 (v3: 8.1) 23 Oct 2024
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insuffic... Read more ➔
CVE-2024-9927 (v3: 7.2) 23 Oct 2024
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5... Read more ➔
CVE-2024-10173 20 Oct 2024
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the componen... Read more ➔
CVE-2024-45216 16 Oct 2024
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authent... Read more ➔
CVE-2020-36832 (v3: 9.8) 16 Oct 2024
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it... Read more ➔
CVE-2024-38139 (v3: 8.7) 16 Oct 2024
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Read more ➔
CVE-2024-47080 15 Oct 2024
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `Mat... Read more ➔
CVE-2024-45148 (v3: 8.8) 10 Oct 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result... Read more ➔
CVE-2024-41798 8 Oct 2024
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative... Read more ➔