Total
3905 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25227 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||||
| CVE-2025-5597 | 2025-06-04 | N/A | N/A | ||
| Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Authentication Bypass.This issue affects airleader MASTER: 3.00571. | |||||
| CVE-2021-42949 | 1 Digitaldruid | 1 Hoteldruid | 2025-06-03 | N/A | 9.8 CRITICAL |
| The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. | |||||
| CVE-2025-4755 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-06-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been classified as critical. This affects the function sub_497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-39009 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-03 | N/A | 9.8 CRITICAL |
| The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. | |||||
| CVE-2023-50919 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2025-06-03 | N/A | 9.8 CRITICAL |
| An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | |||||
| CVE-2023-49262 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. | |||||
| CVE-2023-46942 | 1 Evershop | 1 Evershop | 2025-06-03 | N/A | 7.5 HIGH |
| Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | |||||
| CVE-2025-44083 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication | |||||
| CVE-2025-32815 | 1 Infoblox | 1 Netmri | 2025-06-03 | N/A | 6.5 MEDIUM |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. | |||||
| CVE-2025-5149 | 1 Wcms | 1 Wcms | 2025-06-03 | 5.1 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5437 | 2025-06-02 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-31264 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 4.6 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. | |||||
| CVE-2022-34908 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | N/A | 8.2 HIGH |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | |||||
| CVE-2024-41195 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2024-41196 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2024-41197 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2024-41198 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2024-41199 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.2 HIGH |
| An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2023-47189 | 1 Wpmudev | 1 Defender | 2025-05-29 | N/A | 5.3 MEDIUM |
| Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. | |||||