Total
3748 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13804 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
| Unauthenticated RCE in HPE Insight Cluster Management Utility | |||||
| CVE-2025-31122 | 2025-04-01 | N/A | N/A | ||
| scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field. | |||||
| CVE-2024-57490 | 1 Ioffice | 1 Ioffice20 | 2025-04-01 | N/A | 7.7 HIGH |
| Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw. | |||||
| CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2025-04-01 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||||
| CVE-2023-52540 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2022-48066 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2024-6057 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 9.8 CRITICAL |
| Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. | |||||
| CVE-2025-1231 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | |||||
| CVE-2024-11671 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | |||||
| CVE-2023-24830 | 1 Apache | 1 Iotdb | 2025-03-28 | N/A | 7.5 HIGH |
| Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. | |||||
| CVE-2022-30421 | 1 Toshiba | 1 Storage Security Software | 2025-03-27 | N/A | 7.8 HIGH |
| Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | |||||
| CVE-2020-20402 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-27 | N/A | 7.5 HIGH |
| Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | |||||
| CVE-2023-38367 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-03-27 | N/A | 6.5 MEDIUM |
| IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130. | |||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2025-03-27 | N/A | 9.8 CRITICAL |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | N/A | 8.1 HIGH |
| An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | |||||
| CVE-2024-46434 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. | |||||
| CVE-2023-41956 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-25 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4. | |||||
| CVE-2024-22441 | 1 Hpe | 1 Cray Parallel Application Launch Service | 2025-03-25 | N/A | 9.8 CRITICAL |
| HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | |||||
| CVE-2022-48294 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-45724 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | N/A | 5.4 MEDIUM |
| Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | |||||