Total: 3962 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-25504 | 1 Niceforyou | 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc | 2025-06-17 | 6.5 Medium |
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges. | ||||
CVE-2024-28735 | 2 Coda, Unit4 | 2 Unit 4 Financials, Financials By Coda | 2025-06-17 | 8.1 High |
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request. | ||||
CVE-2025-0070 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2025-06-16 | 9.9 Critical |
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability. | ||||
CVE-2023-51717 | 1 Dataiku | 1 Data Science Studio | 2025-06-16 | 9.8 Critical |
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. | ||||
CVE-2024-38822 | | | 2025-06-16 | 2.7 Low |
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. | ||||
CVE-2025-6172 | 1 Tecno | 1 Com.afmobi.boomplayer | 2025-06-16 | 9.8 Critical |
Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation. | ||||
CVE-2024-38825 | | | 2025-06-16 | 6.4 Medium |
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted. | ||||
CVE-2025-22236 | | | 2025-06-16 | 8.1 High |
Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0). | ||||
CVE-2025-5906 | 1 Code-projects | 1 Laundry System | 2025-06-13 | 7.3 High |
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-23806 | 1 Hidglobal | 4 Iclass Se Reader Configuration Cards, Iclass Se Reader Configuration Cards Firmware, Omnikey Secure Elements Reader Configuration Cards and 1 more | 2025-06-13 | 5.3 Medium |
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. | ||||
CVE-2025-4978 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 9.8 Critical |
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | ||||
CVE-2023-42531 | 1 Samsung | 1 Android | 2025-06-12 | 6.2 Medium |
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background. | ||||
CVE-2025-47889 | 1 Jenkins | 1 Wso2 Oauth | 2025-06-12 | 9.8 Critical |
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist. | ||||
CVE-2023-52111 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-11 | 7.5 High |
Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity. | ||||
CVE-2020-18305 | 1 Extremenetworks | 2 Exos, Extremexos | 2025-06-11 | 8 High |
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. | ||||
CVE-2023-29155 | 1 Inea | 2 Me Rtu, Me Rtu Firmware | 2025-06-11 | 9.8 Critical |
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system. | ||||
CVE-2023-51761 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | 8.3 High |
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | ||||
CVE-2022-39801 | 1 Sap | 1 Access Control | 2025-06-10 | 7.5 High |
SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application. | ||||
CVE-2020-7533 | 1 Schneider-electric | 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more | 2025-06-10 | 9.8 Critical |
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | ||||
CVE-2025-5870 | | | 2025-06-09 | 7.3 High |
A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |