Total
3606 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22657 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | N/A | 9.1 CRITICAL |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass. | |||||
| CVE-2023-22334 | 1 Contec | 1 Conprosys Hmi System | 2025-04-03 | N/A | 5.3 MEDIUM |
| Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | |||||
| CVE-2023-22964 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-04-03 | N/A | 9.1 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | |||||
| CVE-2025-27425 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | N/A | 4.3 MEDIUM |
| Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136. | |||||
| CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2025-04-03 | 6.4 MEDIUM | N/A |
| The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | |||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2025-04-03 | 10.0 HIGH | N/A |
| webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | |||||
| CVE-2006-2380 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | |||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2025-04-03 | 10.0 HIGH | N/A |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | |||||
| CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | 7.5 HIGH | N/A |
| edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | |||||
| CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2025-04-03 | 5.0 MEDIUM | N/A |
| Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | |||||
| CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2025-04-03 | 7.5 HIGH | N/A |
| functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||||
| CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2025-04-03 | 7.5 HIGH | N/A |
| mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | |||||
| CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-03 | 7.5 HIGH | N/A |
| SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | |||||
| CVE-2006-2636 | 1 Katy Whitton | 1 Newscmslite | 2025-04-03 | 7.5 HIGH | N/A |
| newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | |||||
| CVE-2002-2279 | 1 Aldap | 1 Aldap | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | |||||
| CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2025-04-03 | 7.5 HIGH | N/A |
| The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | |||||
| CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | |||||
| CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2025-04-03 | 6.8 MEDIUM | N/A |
| SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | |||||
| CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | |||||