Total
268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10284 | 1 Ce21 | 1 Ce21 Suite | 2025-01-29 | N/A | 9.8 CRITICAL |
| The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2024-9861 | 1 Miniorange | 1 Otp Verification With Firebase | 2025-01-28 | N/A | 8.1 HIGH |
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user. | |||||
| CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2025-01-27 | N/A | 10.0 CRITICAL |
| ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | |||||
| CVE-2024-12857 | 1 Scriptsbundle | 1 Adforest | 2025-01-24 | N/A | 9.8 CRITICAL |
| The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number. | |||||
| CVE-2024-55591 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-01-23 | N/A | 9.8 CRITICAL |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | |||||
| CVE-2024-47574 | 1 Fortinet | 1 Forticlient | 2025-01-21 | N/A | 7.8 HIGH |
| A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | |||||
| CVE-2024-7125 | 2 Hitachi, Linux | 2 Ops Center Common Services, Linux Kernel | 2025-01-21 | N/A | 7.8 HIGH |
| Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | |||||
| CVE-2024-11639 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | N/A | 10.0 CRITICAL |
| An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | |||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | |||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2022-36249 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.4 MEDIUM |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. | |||||
| CVE-2024-12847 | 2025-01-10 | N/A | 9.8 CRITICAL | ||
| NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017. | |||||
| CVE-2024-12402 | 2025-01-07 | N/A | 9.8 CRITICAL | ||
| The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | |||||
| CVE-2024-21491 | 1 Svix | 1 Svix-webhooks | 2025-01-03 | N/A | 5.9 MEDIUM |
| Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. | |||||
| CVE-2024-56044 | 2024-12-31 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9. | |||||
| CVE-2024-51464 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
| IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | |||||
| CVE-2024-11349 | 2024-12-21 | N/A | 9.8 CRITICAL | ||
| The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators. | |||||
| CVE-2024-43234 | 2024-12-20 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14. | |||||
| CVE-2024-56013 | 2024-12-16 | N/A | 8.8 HIGH | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2. | |||||
| CVE-2023-42793 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |||||