Total
3607 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38096 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-06 | N/A | 9.8 CRITICAL |
| NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718. | |||||
| CVE-2022-48314 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-06 | N/A | 6.5 MEDIUM |
| The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-40507 | 1 Openrisc | 2 Or1200, Or1200 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | |||||
| CVE-2021-40506 | 1 Openrisc | 2 Or1200, Or1200 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | |||||
| CVE-2024-48445 | 2025-02-06 | N/A | 9.8 CRITICAL | ||
| An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. | |||||
| CVE-2024-10963 | 2025-02-06 | N/A | 7.4 HIGH | ||
| A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. | |||||
| CVE-2022-37345 | 1 Intel | 16 Nuc Kit Nuc5i3ryh, Nuc Kit Nuc5i3ryh Firmware, Nuc Kit Nuc5i3ryhs and 13 more | 2025-02-05 | N/A | 7.8 HIGH |
| Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29893 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 8.1 HIGH |
| Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-27874 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2025-02-05 | N/A | 6.8 MEDIUM |
| Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-26845 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 8.7 HIGH |
| Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-26508 | 1 Intel | 1 Server Debug And Provisioning Tool | 2025-02-05 | N/A | 4.3 MEDIUM |
| Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2022-21794 | 1 Intel | 10 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Business Nuc8i7hnkqc Firmware, Nuc 8 Enthusiast Nuc8i7hvkva and 7 more | 2025-02-05 | N/A | 7.7 HIGH |
| Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33159 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 7.4 HIGH |
| Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33076 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2025-02-05 | N/A | 5.3 MEDIUM |
| Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2025-23419 | 2025-02-05 | N/A | 4.3 MEDIUM | ||
| When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-22893 | 1 Strapi | 1 Strapi | 2025-02-05 | N/A | 7.5 HIGH |
| Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. | |||||
| CVE-2022-36370 | 1 Intel | 4 Nuc Board Nuc5i3mybe, Nuc Board Nuc5i3mybe Firmware, Nuc Kit Nuc5i3myhe and 1 more | 2025-02-05 | N/A | 7.5 HIGH |
| Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-51478 | 1 Buildapp | 1 Build App Online | 2025-02-05 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | |||||
| CVE-2023-48747 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2. | |||||
| CVE-2023-47504 | 1 Elementor | 1 Website Builder | 2025-02-05 | N/A | 7.5 HIGH |
| Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. | |||||