Total
3606 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30361 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 9.8 CRITICAL |
| WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue. | |||||
| CVE-2024-41589 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. | |||||
| CVE-2022-47976 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 7.5 HIGH |
| The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections. | |||||
| CVE-2022-47974 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 6.5 MEDIUM |
| The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. | |||||
| CVE-2022-4874 | 1 Netcommwireless | 6 Nf20, Nf20 Firmware, Nf20mesh and 3 more | 2025-04-09 | N/A | 7.5 HIGH |
| Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page. | |||||
| CVE-2023-0105 | 1 Redhat | 2 Keycloak, Single Sign-on | 2025-04-09 | N/A | 6.5 MEDIUM |
| A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. | |||||
| CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2025-04-09 | 7.5 HIGH | N/A |
| Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | |||||
| CVE-2009-3585 | 1 Bestpractical | 1 Rt | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain. | |||||
| CVE-2008-1868 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 7.5 HIGH | N/A |
| admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. | |||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2025-04-09 | 10.0 HIGH | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | |||||
| CVE-2009-1122 | 1 Microsoft | 2 Internet Information Services, Windows 2000 | 2025-04-09 | 7.5 HIGH | N/A |
| The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | |||||
| CVE-2008-6763 | 1 Hypersilence | 1 Silentum Loginsys | 2025-04-09 | 7.5 HIGH | N/A |
| login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. | |||||
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | |||||
| CVE-2007-5383 | 2 Alcatel, Bt | 2 Speedtouch 7g Router, Home Hub | 2025-04-09 | 10.0 HIGH | N/A |
| The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. | |||||
| CVE-2008-3321 | 1 Maian Script World | 1 Maian Uploader | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | |||||
| CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | |||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
| TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | |||||
| CVE-2008-3703 | 1 Symantec | 1 Veritas Storage Foundation | 2025-04-09 | 10.0 HIGH | N/A |
| The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. | |||||
| CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2025-04-09 | 4.4 MEDIUM | N/A |
| IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | |||||
| CVE-2008-1264 | 1 Linksys | 1 Wrt54g | 2025-04-09 | 7.5 HIGH | N/A |
| The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | |||||