Total
4027 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30421 | 1 Toshiba | 1 Storage Security Software | 2025-03-27 | 7.8 High |
| Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | ||||
| CVE-2020-20402 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-27 | 7.5 High |
| Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | ||||
| CVE-2023-38367 | 1 Ibm | 2 Cloud Pak For Automation, Cloud Pak For Business Automation | 2025-03-27 | 6.5 Medium |
| IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130. | ||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2025-03-27 | 9.8 Critical |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | ||||
| CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 5.9 Medium |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | ||||
| CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 7.6 High |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | ||||
| CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | 8.1 High |
| An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | ||||
| CVE-2023-42818 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 5.4 Medium |
| JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2024-46434 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8.8 High |
| Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. | ||||
| CVE-2023-41956 | 2 Simple-membership-plugin, Smp7 Wpinsider | 2 Simple Membership, Simple Membership | 2025-03-25 | 8.8 High |
| Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4. | ||||
| CVE-2024-22441 | 1 Hpe | 1 Cray Parallel Application Launch Service | 2025-03-25 | 9.8 Critical |
| HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | ||||
| CVE-2022-48294 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2023-21425 | 1 Samsung | 1 Android | 2025-03-24 | 4.3 Medium |
| Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | ||||
| CVE-2023-21419 | 1 Google | 1 Android | 2025-03-24 | 4.3 Medium |
| An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. | ||||
| CVE-2023-21437 | 1 Samsung | 1 Android | 2025-03-24 | 4 Medium |
| Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. | ||||
| CVE-2022-45724 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | 5.4 Medium |
| Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | ||||
| CVE-2024-20301 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2025-03-24 | 6.2 Medium |
| A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions. | ||||
| CVE-2025-27138 | 1 Dataease | 1 Dataease | 2025-03-21 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | ||||
| CVE-2019-16261 | 1 Tripplite | 2 Pdumh15at, Pdumh15at Firmware | 2025-03-21 | 9.1 Critical |
| Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. | ||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2025-03-20 | 6.5 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | ||||