In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthe…

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction o…

In the case of instances where the SAML SSO authentication is enabled (non-default), session da…

Nacos is a platform designed for dynamic service discovery and configuration and service manage…

Microsoft Exchange Server Remote Code Execution Vulnerability

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By e…

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remot…

A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure…

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulne…

DataEase is an open source business intelligence and data visualization tool. Versions prior to…

Windows CryptoAPI Spoofing Vulnerability

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modico…

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitab…

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remot…

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsul…

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remot…

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication…

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions f…

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In C…

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. Thi…

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8…

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP reques…

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and…

An authentication issue was addressed with improved state management. This issue is fixed in Ai…

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows …

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp G…

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, a…

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 …

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "…

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for J…

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then imperso…

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering …

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remo…

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 …

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check…

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1…

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabl…

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticat…

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine wheth…

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module …