Total
1479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0812 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. | ||||
| CVE-2015-0225 | 2 Apache, Redhat | 2 Cassandra, Jboss Operations Network | 2025-04-12 | N/A |
| The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | ||||
| CVE-2014-4872 | 1 Bmc | 1 Track-it\! | 2025-04-12 | N/A |
| BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. | ||||
| CVE-2010-5326 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 10 Critical |
| The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | ||||
| CVE-2014-3576 | 3 Apache, Oracle, Redhat | 5 Activemq, Business Intelligence Publisher, Fusion Middleware and 2 more | 2025-04-12 | N/A |
| The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. | ||||
| CVE-2014-3518 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 1 more | 2025-04-12 | N/A |
| jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-2590 | 1 Siemens | 3 Ruggedcom Rs950g, Ruggedcom Rsg2488, Ruggedcom Rugged Operating System | 2025-04-12 | N/A |
| The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. | ||||
| CVE-2013-6496 | 1 Redhat | 2 Conga, Rhel Cluster | 2025-04-12 | N/A |
| Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. | ||||
| CVE-2025-0256 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | 4.3 Medium |
| HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | ||||
| CVE-2023-40393 | 1 Apple | 1 Macos | 2025-04-11 | 7.5 High |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. | ||||
| CVE-2023-31132 | 2 Cacti, Microsoft | 2 Cacti, Windows | 2025-04-11 | 7.8 High |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-30391 | 1 Juniper | 38 Csrx, Junos, Mx240 and 35 more | 2025-04-11 | 4.8 Medium |
| A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: * All versions before 20.4R3-S7, * 21.1 versions before 21.1R3, * 21.2 versions before 21.2R2-S1, 21.2R3, * 21.3 versions before 21.3R1-S2, 21.3R2. | ||||
| CVE-2013-3060 | 2 Apache, Redhat | 3 Activemq, Fuse Message Broker, Fuse Mq Enterprise | 2025-04-11 | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | ||||
| CVE-2013-0314 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | ||||
| CVE-2011-4605 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2025-04-11 | N/A |
| The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors. | ||||
| CVE-2011-3055 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. | ||||
| CVE-2025-1283 | 1 Dingtian-tech | 8 Dt-r002, Dt-r002 Firmware, Dt-r008 and 5 more | 2025-04-10 | 9.8 Critical |
| The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | ||||
| CVE-2022-38057 | 1 Themehunk | 1 Advanced Wordpress Search | 2025-04-10 | 6.5 Medium |
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. | ||||
| CVE-2025-29870 | 2025-04-10 | 7.5 High | ||
| Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information. | ||||
| CVE-2025-0257 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-10 | 6.3 Medium |
| HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | ||||