Total
3774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22730 | 1 Intel | 1 Edge Insights For Industrial | 2025-05-05 | N/A | 9.8 CRITICAL |
| Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 6.5 MEDIUM | 7.2 HIGH |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2025-29906 | 2025-05-02 | N/A | 8.6 HIGH | ||
| Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11. | |||||
| CVE-2024-40713 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-05-01 | N/A | 7.8 HIGH |
| A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | |||||
| CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2025-05-01 | N/A | 6.6 MEDIUM |
| An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | |||||
| CVE-2022-31686 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-31685 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-3477 | 3 Newsmag Project, Newspaper Project, Tagdiv Composer Project | 3 Newsmag, Newspaper, Tagdiv Composer | 2025-04-30 | N/A | 9.8 CRITICAL |
| The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address | |||||
| CVE-2022-43690 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 6.3 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-37774 | 1 Maarch | 1 Maarch Rm | 2025-04-29 | N/A | 5.3 MEDIUM |
| There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | |||||
| CVE-2024-47218 | 1 Vesoft | 1 Nebulagraph Database | 2025-04-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | |||||
| CVE-2025-22228 | 2025-04-25 | N/A | 7.4 HIGH | ||
| BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | |||||
| CVE-2022-36133 | 1 Epson | 18 Tm-c3500, Tm-c3500 Firmware, Tm-c3510 and 15 more | 2025-04-25 | N/A | 9.1 CRITICAL |
| The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | |||||
| CVE-2024-1735 | 1 Linecorp | 1 Armeria | 2025-04-25 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later. | |||||
| CVE-2024-44843 | 1 Steve-community | 1 Steve | 2025-04-25 | N/A | 5.9 MEDIUM |
| An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests. | |||||
| CVE-2022-46411 | 1 Veritas | 2 Access Appliance, Netbackup Flex Scale Appliance | 2025-04-24 | N/A | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. | |||||
| CVE-2022-38336 | 1 Mobatek | 1 Mobaxterm | 2025-04-24 | N/A | 8.1 HIGH |
| An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. | |||||
| CVE-2023-44752 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. | |||||
| CVE-2022-43549 | 1 Veeam | 1 Veeam Backup For Google Cloud | 2025-04-24 | N/A | 9.8 CRITICAL |
| Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | |||||
| CVE-2022-43504 | 1 Wordpress | 1 Wordpress | 2025-04-24 | N/A | 5.3 MEDIUM |
| Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. | |||||