Medium
CVSS: 6.9
A vulnerability was found in Keytop 路内停车收费系统 2.7.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saas/commonApi/park/getParks of the component API. The manipulation leads to impro…
Medium
CVSS: 6.9
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing aut…
Medium
CVSS: 6.9
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack…
High
CVSS: 8.5
A flaw exists in the Windows login flow where an AuthContext token can
be exploited for replay attacks and authentication bypass.
Medium
CVSS: 5.8
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential is…
High
CVSS: 7.7
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access.…
High
CVSS: 7.0
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an
unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to
reboot the workstation and interr…
High
CVSS: 7.2
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment,…
Critical
CVSS: 9.5
A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables…
High
CVSS: 8.1
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on t…
Critical
CVSS: 9.8
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for una…
Medium
CVSS: 5.1
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint
Medium
CVSS: 5.1
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key
Medium
CVSS: 5.1
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint
Critical
CVSS: 9.8
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016.
Critical
CVSS: 9.8
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.
Medium
CVSS: 4.3
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.
Low
CVSS: 1.0
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It…
High
CVSS: 7.5
FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow t…
Medium
CVSS: 5.4
While processing the authentication message in UE, improper authentication may lead to information disclosure.