Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||||
| CVE-2017-5791 | 1 Hp | 1 Intelligent Management Center Plat | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | |||||
| CVE-2023-31292 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2025-04-17 | N/A | 5.5 MEDIUM |
| An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. | |||||
| CVE-2025-31478 | 2025-04-17 | N/A | 8.2 HIGH | ||
| Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that is used for email/password authentication. A bug in the Zulip server means that it is possible to create an account in such organizations, without having an account with the configured SSO authentication backend. This issue is patched in version 10.2. A workaround includes requiring invitations to join the organization prevents the vulnerability from being accessed. | |||||
| CVE-2022-47209 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-04-17 | N/A | 8.8 HIGH |
| A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. | |||||
| CVE-2020-14504 | 1 Rockwellautomation | 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more | 2025-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. | |||||
| CVE-2025-30215 | 2025-04-17 | N/A | 9.6 CRITICAL | ||
| NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with JS management permissions in any account to perform certain administrative actions on any JS asset in any other account. At least one of the unprotected APIs allows for data destruction. None of the affected APIs allow disclosing stream contents. This vulnerability is fixed in v2.11.1 or v2.10.27. | |||||
| CVE-2022-46400 | 1 Microchip | 18 Bm70, Bm70 Firmware, Bm71 and 15 more | 2025-04-17 | N/A | 5.4 MEDIUM |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. | |||||
| CVE-2022-42453 | 1 Hcltech | 1 Bigfix Platform | 2025-04-17 | N/A | 6.9 MEDIUM |
| There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script. | |||||
| CVE-2022-40494 | 1 Ehang-io | 1 Nps | 2025-04-17 | N/A | 9.8 CRITICAL |
| NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. | |||||
| CVE-2022-46316 | 1 Huawei | 1 Harmonyos | 2025-04-17 | N/A | 9.8 CRITICAL |
| A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | |||||
| CVE-2022-46313 | 1 Huawei | 1 Harmonyos | 2025-04-17 | N/A | 5.3 MEDIUM |
| The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone. | |||||
| CVE-2022-41590 | 1 Huawei | 1 Harmonyos | 2025-04-16 | N/A | 5.5 MEDIUM |
| Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability. | |||||
| CVE-2023-44039 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | N/A | 9.1 CRITICAL |
| In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account. | |||||
| CVE-2025-27641 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009. | |||||
| CVE-2025-2572 | 2025-04-15 | N/A | 5.6 MEDIUM | ||
| In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup. | |||||
| CVE-2022-46875 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
| The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | |||||
| CVE-2022-47633 | 1 Kyverno | 1 Kyverno | 2025-04-15 | N/A | 8.1 HIGH |
| An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases. | |||||
| CVE-2020-11101 | 1 Sierrawireless | 1 Airlink Mobility Manager | 2025-04-14 | N/A | 9.8 CRITICAL |
| Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. | |||||
| CVE-2014-3895 | 1 Iodata | 12 Ts-ptcam\/poe Camera, Ts-ptcam\/poe Camera Firmware, Ts-ptcam Camera and 9 more | 2025-04-12 | 6.4 MEDIUM | N/A |
| The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | |||||