Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27672 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016. | |||||
| CVE-2024-12869 | 1 Infiniflow | 1 Ragflow | 2025-04-01 | N/A | 4.3 MEDIUM |
| In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. | |||||
| CVE-2024-13804 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
| Unauthenticated RCE in HPE Insight Cluster Management Utility | |||||
| CVE-2025-31122 | 2025-04-01 | N/A | N/A | ||
| scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field. | |||||
| CVE-2025-3062 | 2025-04-01 | N/A | 6.6 MEDIUM | ||
| Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. | |||||
| CVE-2024-57490 | 1 Ioffice | 1 Ioffice20 | 2025-04-01 | N/A | 7.7 HIGH |
| Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw. | |||||
| CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2025-04-01 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||||
| CVE-2024-28006 | 2025-03-29 | N/A | 5.3 MEDIUM | ||
| Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to view device information. | |||||
| CVE-2023-52540 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2022-48066 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2024-6057 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 9.8 CRITICAL |
| Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. | |||||
| CVE-2025-1231 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | |||||
| CVE-2024-11671 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | |||||
| CVE-2023-24830 | 1 Apache | 1 Iotdb | 2025-03-28 | N/A | 7.5 HIGH |
| Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. | |||||
| CVE-2022-30421 | 1 Toshiba | 1 Storage Security Software | 2025-03-27 | N/A | 7.8 HIGH |
| Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | |||||
| CVE-2020-20402 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-27 | N/A | 7.5 HIGH |
| Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | |||||
| CVE-2025-2747 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178. | |||||
| CVE-2025-30214 | 2025-03-27 | N/A | N/A | ||
| Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading. | |||||
| CVE-2025-2746 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172. | |||||
| CVE-2023-38367 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-03-27 | N/A | 6.5 MEDIUM |
| IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130. | |||||