Total: 416 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-31511 | | | 2025-07-25 | N/A | 7.3 HIGH | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call.
CVE-2025-48906 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.8 HIGH | Authentication bypass vulnerability in the DSoftBus module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-27695 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | N/A | 4.9 MEDIUM | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Authentication Bypass by Spoofing vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
CVE-2025-2188 | 1 Honor | 1 Gamecenter | 2025-07-11 | N/A | 8.1 HIGH | There is a whitelist mechanism bypass in GameCenter; successful exploitation of this vulnerability may affect service confidentiality and integrity.
CVE-2023-48396 | 1 Apache | 1 Seatunnel | 2025-07-10 | N/A | 9.1 CRITICAL | Web Authentication vulnerability in Apache SeaTunnel. Since the JWT key is hardcoded in the application, an attacker can forge a token to log in as any user. An attacker can obtain the secret key from /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.
CVE-2023-30464 | 1 Coredns.io | 1 Coredns | 2025-07-10 | N/A | 7.5 HIGH | CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.
CVE-2025-23168 | 1 Versa-networks | 1 Versa Director | 2025-07-09 | N/A | 6.3 MEDIUM | The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the OTP delivery (SMS/email) to their own device. OTP/TOTP codes are not invalidated after use, enabling reuse by an attacker who has previously intercepted or obtained a valid code. In addition, the 2FA system does not adequately restrict the number or frequency of login attempts. The OTP values are generated from a relatively small keyspace, making brute-force attacks more feasible. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers. Workarounds or Mitigation: Versa recommends that Director be upgraded to one of the remediated software versions.
CVE-2024-20363 | 1 Cisco | 3 Firepower Threat Defense, Snort, Unified Threat Defense Snort Intrusion Prevention System Engine | 2025-07-03 | N/A | 5.8 MEDIUM | Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
CVE-2025-34063 | | | 2025-07-03 | N/A | N/A | A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment.
CVE-2025-34053 | | | 2025-07-03 | N/A | N/A | An authentication bypass vulnerability exists in the streamd web server of AVTECH IP camera, DVR, and NVR devices. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
CVE-2025-34065 | | | 2025-07-03 | N/A | N/A | An authentication bypass vulnerability exists in the streamd web server of AVTECH IP camera, DVR, and NVR devices. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
CVE-2025-30142 | 1 Gnetsystem | 2 G-onx, G-onx Firmware | 2025-07-01 | N/A | 8.1 HIGH | An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. The device uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of an already-paired device through ARP scanning or other means, an attacker can spoof the MAC address and connect to the dashcam without going through the pairing process. This enables full access to the device.
CVE-2024-27349 | 1 Apache | 1 Hugegraph | 2025-06-30 | N/A | 9.1 CRITICAL | Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
CVE-2024-54085 | 2 Ami, Netapp | 19 Megarac Sp-x, H300s, H300s Firmware and 16 more | 2025-06-27 | N/A | 9.8 CRITICAL | AMI’s SPx contains a vulnerability in the BMC where an attacker may bypass authentication remotely through the Redfish Host Interface. Successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2025-32788 | 1 Octoprint | 1 Octoprint | 2025-06-27 | N/A | 4.3 MEDIUM | OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.
CVE-2025-32966 | 1 Dataease | 1 Dataease | 2025-06-24 | N/A | 9.8 CRITICAL | DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can achieve RCE through the backend JDBC link. This issue has been patched in version 2.10.8.
CVE-2024-51504 | 1 Apache | 1 Zookeeper | 2025-06-24 | N/A | 9.1 CRITICAL | When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing; this only impacts IP-based authentication implemented in ZooKeeper Admin Server. The default configuration of client IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication by spoofing the client's IP address in request headers. The default configuration honors the X-Forwarded-For HTTP header to read the client's IP address. The X-Forwarded-For request header is mainly used by proxy servers to identify the client and can be easily spoofed by an attacker pretending that the request comes from a different IP address. On successful exploitation, Admin Server commands such as snapshot and restore can be executed arbitrarily, which could potentially lead to information leakage or service availability issues. Users are recommended to upgrade to version 3.9.3, which fixes this issue.
CVE-2023-4566 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-20 | N/A | 7.5 HIGH | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-34397 | 4 Debian, Fedoraproject, Gnome and 1 more | 4 Debian Linux, Fedora, Glib and 1 more | 2025-06-18 | N/A | 5.2 MEDIUM | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
CVE-2023-44117 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-17 | N/A | 7.5 HIGH | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.