Total
3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37914 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | |||||
| CVE-2022-37913 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | |||||
| CVE-2024-47806 | 1 Jenkins | 1 Openid Connect Authentication | 2025-05-06 | N/A | 8.1 HIGH |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | |||||
| CVE-2024-47807 | 1 Jenkins | 1 Openid Connect Authentication | 2025-05-06 | N/A | 8.1 HIGH |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | |||||
| CVE-2022-32935 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | N/A | 4.6 MEDIUM |
| A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. | |||||
| CVE-2022-32928 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. | |||||
| CVE-2018-19937 | 1 Videolan | 1 Vlc For Mobile | 2025-05-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | |||||
| CVE-2022-2572 | 1 Octopus | 1 Octopus Server | 2025-05-06 | N/A | 9.8 CRITICAL |
| In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | |||||
| CVE-2022-22935 | 1 Saltstack | 1 Salt | 2025-05-05 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | |||||
| CVE-2022-22730 | 1 Intel | 1 Edge Insights For Industrial | 2025-05-05 | N/A | 9.8 CRITICAL |
| Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 6.5 MEDIUM | 7.2 HIGH |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2025-29906 | 2025-05-02 | N/A | 8.6 HIGH | ||
| Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11. | |||||
| CVE-2024-40713 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-05-01 | N/A | 7.8 HIGH |
| A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | |||||
| CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2025-05-01 | N/A | 6.6 MEDIUM |
| An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | |||||
| CVE-2022-31686 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-31685 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-3477 | 3 Newsmag Project, Newspaper Project, Tagdiv Composer Project | 3 Newsmag, Newspaper, Tagdiv Composer | 2025-04-30 | N/A | 9.8 CRITICAL |
| The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address | |||||
| CVE-2022-43690 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 6.3 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-37774 | 1 Maarch | 1 Maarch Rm | 2025-04-29 | N/A | 5.3 MEDIUM |
| There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | |||||
| CVE-2024-47218 | 1 Vesoft | 1 Nebulagraph Database | 2025-04-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | |||||