Total
365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10284 | 1 Ce21 | 1 Ce21 Suite | 2025-01-29 | N/A | 9.8 CRITICAL |
| The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2024-9861 | 1 Miniorange | 1 Otp Verification With Firebase | 2025-01-28 | N/A | 8.1 HIGH |
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user. | |||||
| CVE-2024-12857 | 1 Scriptsbundle | 1 Adforest | 2025-01-24 | N/A | 9.8 CRITICAL |
| The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number. | |||||
| CVE-2024-47574 | 1 Fortinet | 1 Forticlient | 2025-01-21 | N/A | 7.8 HIGH |
| A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | |||||
| CVE-2024-7125 | 2 Hitachi, Linux | 2 Ops Center Common Services, Linux Kernel | 2025-01-21 | N/A | 7.8 HIGH |
| Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | |||||
| CVE-2024-11639 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | N/A | 10.0 CRITICAL |
| An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | |||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | |||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2022-36249 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.4 MEDIUM |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. | |||||
| CVE-2024-12402 | 2025-01-07 | N/A | 9.8 CRITICAL | ||
| The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | |||||
| CVE-2024-56044 | 2024-12-31 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9. | |||||
| CVE-2024-56013 | 2024-12-16 | N/A | 8.8 HIGH | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2. | |||||
| CVE-2024-54336 | 2024-12-13 | N/A | 8.8 HIGH | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7. | |||||
| CVE-2024-54297 | 2024-12-13 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through 1.4.3. | |||||
| CVE-2024-54296 | 2024-12-13 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2. | |||||
| CVE-2024-54295 | 2024-12-13 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7. | |||||
| CVE-2024-54294 | 2024-12-13 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1. | |||||
| CVE-2024-25036 | 1 Ibm | 1 Cognos Controller | 2024-12-11 | N/A | 4.3 MEDIUM |
| IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. | |||||
| CVE-2024-11178 | 2024-12-06 | N/A | 8.1 HIGH | ||
| The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2024-10961 | 2024-12-06 | N/A | 9.8 CRITICAL | ||
| The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | |||||