Total
3946 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13804 | 2025-04-01 | 9.8 Critical | ||
Unauthenticated RCE in HPE Insight Cluster Management Utility | ||||
CVE-2025-31122 | 2025-04-01 | N/A | ||
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field. | ||||
CVE-2025-3062 | 2025-04-01 | 6.6 Medium | ||
Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. | ||||
CVE-2024-57490 | 1 Ioffice | 1 Ioffice20 | 2025-04-01 | 7.7 High |
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw. | ||||
CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2025-04-01 | 9.1 Critical |
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | ||||
CVE-2024-28006 | 2025-03-29 | 5.3 Medium | ||
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to view device information. | ||||
CVE-2023-52540 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | 7.5 High |
Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2022-48066 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | 9.8 Critical |
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | ||||
CVE-2024-6057 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 9.8 Critical |
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. | ||||
CVE-2025-1231 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 5.4 Medium |
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | ||||
CVE-2024-11671 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 5.4 Medium |
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | ||||
CVE-2023-24830 | 1 Apache | 1 Iotdb | 2025-03-28 | 7.5 High |
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. | ||||
CVE-2022-43978 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.6 Medium |
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | ||||
CVE-2022-30421 | 1 Toshiba | 1 Storage Security Software | 2025-03-27 | 7.8 High |
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | ||||
CVE-2020-20402 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-27 | 7.5 High |
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | ||||
CVE-2023-38367 | 1 Ibm | 2 Cloud Pak For Automation, Cloud Pak For Business Automation | 2025-03-27 | 6.5 Medium |
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130. | ||||
CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2025-03-27 | 9.8 Critical |
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | ||||
CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 5.9 Medium |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | ||||
CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 7.6 High |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | ||||
CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | 8.1 High |
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. |