Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/cod…

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versi…

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…

The previous default setting for Airflow's Experimental API was to allow all API requests witho…

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attac…

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that all…

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 U…

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication …

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Su…

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated a…

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.…

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 throug…

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Open…

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability.…

Internet Shortcut Files Security Feature Bypass Vulnerability

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not pe…

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers…

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SR…

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and Support…

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an …

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. R…

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login…

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded o…

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 t…

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebS…

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_P…

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code ex…

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business E…

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows …

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces fr…

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attack…

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX…

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative passw…

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authe…

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Cor…

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability…

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attac…

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote …

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in th…

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in po…