Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20857 | 1 Vmware | 1 Workspace One Content | 2024-08-02 | 6.8 Medium |
| VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | ||||
| CVE-2023-5935 | 2024-08-02 | 7.4 High | ||
| When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed. | ||||
| CVE-2023-4857 | 2024-08-02 | 7.5 High | ||
| An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information. | ||||
| CVE-2023-4702 | 1 Yepas | 1 Digital Yepas | 2024-08-02 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1. | ||||
| CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-08-02 | 7.8 High |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | ||||
| CVE-2023-3104 | 1 Unitree | 2 A1, A1 Firmware | 2024-08-02 | 5.7 Medium |
| Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication. | ||||
| CVE-2023-2834 | 1 Stylemixthemes | 1 Bookit | 2024-08-02 | 9.8 Critical |
| The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2023-2827 | 1 Sap | 2 Digital Manufacturing, Plant Connectivity | 2024-08-02 | 7.9 High |
| SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing. | ||||
| CVE-2023-2781 | 1 Wisetr | 1 User Email Verification For Woocommerce | 2024-08-02 | 8.1 High |
| The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default. | ||||
| CVE-2023-2704 | 1 Vibethemes | 1 Bp Social Connect | 2024-08-02 | 9.8 Critical |
| The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2023-2231 | 1 Max-tech | 2 Max-g866ac, Max-g866ac Firmware | 2024-08-02 | 9.8 Critical |
| A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2187 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-08-02 | 5.3 Medium |
| On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events. | ||||
| CVE-2023-1837 | 1 Hypr | 1 Hypr Server | 2024-08-02 | 8.5 High |
| Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | ||||
| CVE-2023-1140 | 1 Deltaww | 1 Infrasuite Device Master | 2024-08-02 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | ||||
| CVE-2023-0919 | 1 Kavitareader | 1 Kavita | 2024-08-02 | 8.1 High |
| Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | ||||
| CVE-2023-0906 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-08-02 | 7.3 High |
| A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. | ||||
| CVE-2023-0116 | 1 Huawei | 1 Emui | 2024-08-02 | 7.5 High |
| The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-0102 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2024-08-02 | 9.1 Critical |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | ||||
| CVE-2023-0052 | 1 Sauter-controls | 10 Modunet300 Ey-am300f001, Modunet300 Ey-am300f001 Firmware, Modunet300 Ey-am300f002 and 7 more | 2024-08-02 | 9.8 Critical |
| SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | ||||
| CVE-2024-39601 | 2024-08-02 | 6.5 Medium | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. | ||||