Total
3906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 6.5 MEDIUM | 7.2 HIGH |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2025-29906 | 2025-05-02 | N/A | 8.6 HIGH | ||
| Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11. | |||||
| CVE-2024-40713 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-05-01 | N/A | 7.8 HIGH |
| A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | |||||
| CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2025-05-01 | N/A | 6.6 MEDIUM |
| An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | |||||
| CVE-2022-31686 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-31685 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-3477 | 3 Newsmag Project, Newspaper Project, Tagdiv Composer Project | 3 Newsmag, Newspaper, Tagdiv Composer | 2025-04-30 | N/A | 9.8 CRITICAL |
| The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address | |||||
| CVE-2022-43690 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 6.3 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-37774 | 1 Maarch | 1 Maarch Rm | 2025-04-29 | N/A | 5.3 MEDIUM |
| There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | |||||
| CVE-2024-47218 | 1 Vesoft | 1 Nebulagraph Database | 2025-04-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | |||||
| CVE-2025-22228 | 2025-04-25 | N/A | 7.4 HIGH | ||
| BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | |||||
| CVE-2022-36133 | 1 Epson | 18 Tm-c3500, Tm-c3500 Firmware, Tm-c3510 and 15 more | 2025-04-25 | N/A | 9.1 CRITICAL |
| The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | |||||
| CVE-2024-1735 | 1 Linecorp | 1 Armeria | 2025-04-25 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later. | |||||
| CVE-2024-44843 | 1 Steve-community | 1 Steve | 2025-04-25 | N/A | 5.9 MEDIUM |
| An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests. | |||||
| CVE-2022-46411 | 1 Veritas | 2 Access Appliance, Netbackup Flex Scale Appliance | 2025-04-24 | N/A | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. | |||||
| CVE-2022-38336 | 1 Mobatek | 1 Mobaxterm | 2025-04-24 | N/A | 8.1 HIGH |
| An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. | |||||
| CVE-2023-44752 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. | |||||
| CVE-2022-43549 | 1 Veeam | 1 Veeam Backup For Google Cloud | 2025-04-24 | N/A | 9.8 CRITICAL |
| Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | |||||
| CVE-2022-43504 | 1 Wordpress | 1 Wordpress | 2025-04-24 | N/A | 5.3 MEDIUM |
| Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. | |||||
| CVE-2023-2975 | 2 Netapp, Openssl | 3 Management Services For Element Software And Netapp Hci, Ontap Select Deploy Administration Utility, Openssl | 2025-04-23 | N/A | 5.3 MEDIUM |
| Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. | |||||