Total
3657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2025-04-03 | 10.0 HIGH | N/A |
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
CVE-2003-1475 | 1 Netbus | 1 Netbus | 2025-04-03 | 6.8 MEDIUM | N/A |
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | |||||
CVE-2006-1228 | 1 Drupal | 1 Drupal | 2025-04-03 | 5.1 MEDIUM | N/A |
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | |||||
CVE-2002-0507 | 2 Microsoft, Rsa | 2 Exchange Server, Securid | 2025-04-03 | 2.1 LOW | N/A |
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | |||||
CVE-2003-0216 | 1 Cisco | 1 Catos | 2025-04-03 | 9.3 HIGH | N/A |
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
CVE-2005-1020 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
CVE-2006-2224 | 1 Quagga | 1 Quagga Routing Software Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | |||||
CVE-2006-2113 | 2 Dell, Fuji Xerox | 19 3000cn, 3010cn, 3100cn and 16 more | 2025-04-03 | 6.4 MEDIUM | N/A |
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. | |||||
CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | |||||
CVE-2021-43445 | 1 Onlyoffice | 1 Server | 2025-04-02 | N/A | 9.8 CRITICAL |
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key. | |||||
CVE-2021-43444 | 1 Onlyoffice | 1 Server | 2025-04-02 | N/A | 7.5 HIGH |
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key. | |||||
CVE-2023-20924 | 1 Google | 1 Android | 2025-04-02 | N/A | 6.8 MEDIUM |
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A | |||||
CVE-2023-49105 | 1 Owncloud | 1 Owncloud Server | 2025-04-02 | N/A | 9.8 CRITICAL |
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0. | |||||
CVE-2025-27672 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016. | |||||
CVE-2024-12869 | 1 Infiniflow | 1 Ragflow | 2025-04-01 | N/A | 4.3 MEDIUM |
In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. | |||||
CVE-2024-13804 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
Unauthenticated RCE in HPE Insight Cluster Management Utility | |||||
CVE-2025-31122 | 2025-04-01 | N/A | N/A | ||
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field. | |||||
CVE-2025-3062 | 2025-04-01 | N/A | 6.6 MEDIUM | ||
Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. | |||||
CVE-2024-57490 | 1 Ioffice | 1 Ioffice20 | 2025-04-01 | N/A | 7.7 HIGH |
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw. | |||||
CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2025-04-01 | N/A | 9.1 CRITICAL |
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. |