In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthe…

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction o…

In the case of instances where the SAML SSO authentication is enabled (non-default), session da…

Nacos is a platform designed for dynamic service discovery and configuration and service manage…

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By e…

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remot…

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulne…

DataEase is an open source business intelligence and data visualization tool. Versions prior to…

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modico…

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitab…

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In C…

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. Thi…

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows …

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for J…

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 ar…

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile em…

Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attac…

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote att…

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specifica…

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1…

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by s…

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting …

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to interce…

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ stream…

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt librar…

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameter…

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP mod…

CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to …

An app could impersonate system notifications. Sensitive notifications now require restricted e…

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechan…