Filtered by CWE-287
Total 3946 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-13804 2025-04-01 9.8 Critical
Unauthenticated RCE in HPE Insight Cluster Management Utility
CVE-2025-31122 2025-04-01 N/A
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field.
CVE-2025-3062 2025-04-01 6.6 Medium
Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.
CVE-2024-57490 1 Ioffice 1 Ioffice20 2025-04-01 7.7 High
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.
CVE-2024-2862 1 Lg 1 Lg Led Assistant 2025-04-01 9.1 Critical
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
CVE-2024-28006 2025-03-29 5.3 Medium
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to view device information.
CVE-2023-52540 1 Huawei 2 Emui, Harmonyos 2025-03-28 7.5 High
Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-48066 1 Totolink 2 A830r, A830r Firmware 2025-03-28 9.8 Critical
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.
CVE-2024-6057 1 Devolutions 1 Remote Desktop Manager 2025-03-28 9.8 Critical
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.
CVE-2025-1231 1 Devolutions 1 Devolutions Server 2025-03-28 5.4 Medium
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.
CVE-2024-11671 1 Devolutions 1 Remote Desktop Manager 2025-03-28 5.4 Medium
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
CVE-2023-24830 1 Apache 1 Iotdb 2025-03-28 7.5 High
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
CVE-2022-43978 1 Pandorafms 1 Pandora Fms 2025-03-27 5.6 Medium
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.
CVE-2022-30421 1 Toshiba 1 Storage Security Software 2025-03-27 7.8 High
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.
CVE-2020-20402 1 Portfoliocms Project 1 Portfoliocms 2025-03-27 7.5 High
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
CVE-2023-38367 1 Ibm 2 Cloud Pak For Automation, Cloud Pak For Business Automation 2025-03-27 6.5 Medium
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.
CVE-2022-47003 1 Murasoftware 1 Mura Cms 2025-03-27 9.8 Critical
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.
CVE-2022-4041 1 Hitachi 1 Storage Plug-in 2025-03-26 5.9 Medium
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
CVE-2022-4441 1 Hitachi 1 Storage Plug-in 2025-03-26 7.6 High
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.
CVE-2022-42951 1 Couchbase 1 Couchbase Server 2025-03-26 8.1 High
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.