Total: 4007 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4843 | 1 Toutvirtual | 1 Virtualiq | 2026-04-29 | 7.5 HIGH | N/A |
| ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console. | |||||
| CVE-2013-2743 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2026-04-29 | 7.5 HIGH | N/A |
| importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter. | |||||
| CVE-2012-6066 | 1 Freesshd | 1 Freesshd | 2026-04-29 | 9.3 HIGH | N/A |
| freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. | |||||
| CVE-2011-5053 | 1 Wi-fi | 1 Wifi Protected Setup Protocol | 2026-04-29 | 5.8 MEDIUM | N/A |
| The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. | |||||
| CVE-2013-1150 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2026-04-29 | 7.8 HIGH | N/A |
| The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590. | |||||
| CVE-2013-4304 | 2 Brion Vibber, Mediawiki | 2 Centralauth Extension, Mediawiki | 2026-04-29 | 7.5 HIGH | N/A |
| The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password. | |||||
| CVE-2014-0015 | 1 Haxx | 2 Curl, Libcurl | 2026-04-29 | 4.0 MEDIUM | N/A |
| cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. | |||||
| CVE-2013-4061 | 1 Ibm | 1 Rational Policy Tester | 2026-04-29 | 4.0 MEDIUM | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. | |||||
| CVE-2010-0833 | 1 Likewise | 2 Likewise Cifs, Likewise Open | 2026-04-29 | 9.3 HIGH | N/A |
| The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired. | |||||
| CVE-2013-0209 | 1 Sixapart | 1 Movable Type | 2026-04-29 | 7.5 HIGH | N/A |
| lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. | |||||
| CVE-2010-1670 | 1 Mahara | 1 Mahara | 2026-04-29 | 7.5 HIGH | N/A |
| Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-2756 | 1 Manageengine | 1 Servicedesk Plus | 2026-04-29 | 5.0 MEDIUM | N/A |
| FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. | |||||
| CVE-2011-2361 | 1 Google | 1 Chrome | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site. | |||||
| CVE-2013-5944 | 1 Siemens | 3 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200irt | 2026-04-29 | 10.0 HIGH | N/A |
| The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | |||||
| CVE-2010-2149 | 1 Fujitsu | 1 E-pares | 2026-04-29 | 4.0 MEDIUM | N/A |
| Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-2907 | 1 Clusterresources | 1 Torque Resource Manager | 2026-04-29 | 7.5 HIGH | N/A |
| Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program. | |||||
| CVE-2011-0011 | 1 Qemu | 1 Qemu | 2026-04-29 | 4.3 MEDIUM | N/A |
| qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. | |||||
| CVE-2011-3997 | 1 Opengear | 7 Acm5000 Console Server, Cm4000 Console Server, Im4004-5 Console Server and 4 more | 2026-04-29 | 7.5 HIGH | N/A |
| Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. | |||||
| CVE-2012-2498 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2026-04-29 | 4.0 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. | |||||
| CVE-2010-2620 | 1 Open-ftpd | 1 Open-ftpd | 2026-04-29 | 9.3 HIGH | N/A |
| Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first. | |||||
