Total
3602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44821 | 1 Zzcms | 1 Zzcms | 2025-04-23 | N/A | 5.3 MEDIUM |
| ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages. | |||||
| CVE-2022-44620 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | N/A | 8.8 HIGH |
| Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | |||||
| CVE-2025-3850 | 2025-04-23 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-27086 | 2025-04-23 | N/A | 8.1 HIGH | ||
| A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication. | |||||
| CVE-2025-3268 | 1 Qinguoyi | 1 Tinywebserver | 2025-04-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-24949 | 1 Joturl | 1 Joturl | 2025-04-22 | N/A | 6.5 MEDIUM |
| In JotUrl 2.0, is possible to bypass security requirements during the password change process. | |||||
| CVE-2022-25685 | 1 Qualcomm | 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more | 2025-04-22 | N/A | 7.5 HIGH |
| Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-25667 | 1 Qualcomm | 138 Ar9380, Ar9380 Firmware, Csr8811 and 135 more | 2025-04-22 | N/A | 7.5 HIGH |
| Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-47408 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2025-04-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people. | |||||
| CVE-2025-30287 | 1 Adobe | 1 Coldfusion | 2025-04-21 | N/A | 8.2 HIGH |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. | |||||
| CVE-2017-6868 | 1 Siemens | 1 Simatic Cp 44x-1 Redundant Network Access Modules | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU. | |||||
| CVE-2017-9314 | 1 Dahuasecurity | 44 Nvr5208-4ks2, Nvr5208-4ks2 Firmware, Nvr5208-8p-4ks2 and 41 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. | |||||
| CVE-2017-16566 | 1 Qacctv | 2 Jooan A5 Ip Camera, Jooan A5 Ip Camera Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device. | |||||
| CVE-2016-7145 | 1 Nefarious2 Project | 1 Nefarious2 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2017-1000068 | 1 Betterment | 1 Testtrack | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | |||||
| CVE-2017-14147 | 1 Fiberhome | 2 Adsl An1020-25, Adsl An1020-25 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password. | |||||
| CVE-2017-6781 | 1 Cisco | 1 Policy Suite | 2025-04-20 | 4.6 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0. | |||||
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | |||||
| CVE-2017-9860 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
| CVE-2017-7284 | 1 Unitrends | 1 Enterprise Backup | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover. | |||||