Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2025-04-09 | 7.5 HIGH | N/A |
|
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
|
|||||
| CVE-2009-3623 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
|
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.
|
|||||
| CVE-2008-6984 | 1 Parallels | 1 Plesk | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
|
|||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
|
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
|
|||||
| CVE-2024-45346 | 2025-04-08 | N/A | 8.8 HIGH | ||
|
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
|
|||||
| CVE-2023-34124 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-08 | N/A | 9.8 CRITICAL |
|
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
|
|||||
| CVE-2022-25027 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | N/A | 7.5 HIGH |
|
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.
|
|||||
| CVE-2022-39184 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2025-04-08 | N/A | 9.8 CRITICAL |
|
EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.
|
|||||
| CVE-2023-22278 | 1 Daj | 1 M-filter | 2025-04-04 | N/A | 5.3 MEDIUM |
|
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.
|
|||||
| CVE-2023-22303 | 1 Tp-link | 2 Tl-sg105pe, Tl-sg105pe Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
|
TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's settings may be altered with the privilege of the administrator.
|
|||||
| CVE-2022-45922 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
|
|||||
| CVE-2021-4314 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2025-04-03 | N/A | 5.3 MEDIUM |
|
It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn’t. It’s possible to use this to persuade the southbound servi ...
Show More |
|||||
| CVE-2025-29773 | 1 Froxlor | 1 Froxlor | 2025-04-03 | N/A | 5.8 MEDIUM |
|
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attac ...
Show More |
|||||
| CVE-2020-22657 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | N/A | 9.1 CRITICAL |
|
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attacker ...
Show More |
|||||
| CVE-2023-22334 | 1 Contec | 1 Conprosys Hmi System | 2025-04-03 | N/A | 5.3 MEDIUM |
|
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
|
|||||
| CVE-2023-22964 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-04-03 | N/A | 9.1 CRITICAL |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
|
|||||
| CVE-2025-27425 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | N/A | 4.3 MEDIUM |
|
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.
|
|||||
| CVE-2005-4006 | 1 Redgraphic | 1 Sapid Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
|
|||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
|
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
|
|||||
| CVE-2005-4851 | 1 Ez | 1 Ez Publish | 2025-04-03 | 4.0 MEDIUM | N/A |
|
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
|
|||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2025-04-03 | 10.0 HIGH | N/A |
|
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
|
|||||
| CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
|
|||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2025-04-03 | 6.8 MEDIUM | N/A |
|
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
|
|||||
| CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
|
|||||
| CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
|
|||||
| CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
|
|||||
| CVE-2006-0374 | 1 Advantage Century Telecommunication | 1 P202s | 2025-04-03 | 7.5 HIGH | N/A |
|
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).
|
|||||
| CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
|
|||||
| CVE-2006-2224 | 1 Quagga | 1 Quagga Routing Software Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
|
|||||
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
|
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
|
|||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2025-04-03 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
|
|||||
| CVE-2002-0507 | 2 Microsoft, Rsa | 2 Exchange Server, Securid | 2025-04-03 | 2.1 LOW | N/A |
|
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
|
|||||
| CVE-2002-2417 | 1 Acftp | 1 Acftp | 2025-04-03 | 10.0 HIGH | N/A |
|
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
|
|||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2025-04-03 | 10.0 HIGH | N/A |
|
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
|
|||||
| CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
|
|||||
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
|
|||||
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
|
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
|
|||||
| CVE-2006-1228 | 1 Drupal | 1 Drupal | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
|
|||||
| CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2025-04-03 | 7.5 HIGH | N/A |
|
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
|
|||||
| CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
|
|||||