Medium
CVSS: 5.9
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsi…
High
CVSS: 8.6
Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack
Low
CVSS: 3.3
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…
Low
CVSS: 3.2
In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction i…
Medium
CVSS: 4.0
In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation…
Medium
CVSS: 4.6
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP…
Medium
CVSS: 4.2
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5…
High
CVSS: 7.5
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based se…
Critical
CVSS: 9.3
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.
High
CVSS: 7.1
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privi…
Medium
CVSS: 6.5
An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
Critical
CVSS: 9.8
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain…
Medium
CVSS: 5.4
CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry se…
Critical
CVSS: 9.1
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulne…
Critical
CVSS: 9.8
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
High
CVSS: 7.3
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updatin…
Medium
CVSS: 6.9
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
Critical
CVSS: 10.0
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing ke…
Medium
CVSS: 6.9
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access p…
Medium
CVSS: 6.3
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attac…