In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server …

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Al…

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions …

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is pr…

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and pr…

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting F…

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to vi…

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations…

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with…

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This v…

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerab…

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote at…

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to …

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installa…

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via th…

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in …

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA…

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in t…

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable …

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which…

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job sub…

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote una…

ZoneMinder is a free, open source Closed-circuit television software application for Linux whic…

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privileg…

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features c…

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed una…

A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release…

AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Su…

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, a…

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken ac…

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network pri…

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via th…

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerabili…

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.…

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for W…

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of d…

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket witho…

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check aut…

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable t…