Total
3813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26074 | 1 Atlassian | 1 Connect Spring Boot | 2025-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | |||||
| CVE-2021-26073 | 1 Atlassian | 1 Connect Express | 2025-02-12 | 4.0 MEDIUM | 7.7 HIGH |
| Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | |||||
| CVE-2025-25201 | 2025-02-12 | N/A | 4.0 MEDIUM | ||
| Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the application. An attacker without access to the proper administration key would be able to generate new keys and overwrite certificates. Such an attacker would not be able to read-out or extract existing private data, nor would they be able to gain access to cryptographic operations that would normally require PIN-based authentication. The issue is fixed in piv-authenticator 0.3.9, and in Nitrokey's firmware 1.8.1. | |||||
| CVE-2023-28727 | 1 Panasonic | 2 Aiseg2, Aiseg2 Firmware | 2025-02-12 | N/A | 9.6 CRITICAL |
| Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | |||||
| CVE-2023-1980 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-10 | N/A | 6.5 MEDIUM |
| Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries. | |||||
| CVE-2023-25597 | 1 Mitel | 1 Micollab | 2025-02-07 | N/A | 5.9 MEDIUM |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. | |||||
| CVE-2024-20856 | 1 Samsung | 1 Android | 2025-02-07 | N/A | 4.3 MEDIUM |
| Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. | |||||
| CVE-2023-30869 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | |||||
| CVE-2022-45174 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code. | |||||
| CVE-2022-45173 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct. | |||||
| CVE-2023-38096 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-06 | N/A | 9.8 CRITICAL |
| NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718. | |||||
| CVE-2022-48314 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-06 | N/A | 6.5 MEDIUM |
| The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-40507 | 1 Openrisc | 2 Or1200, Or1200 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | |||||
| CVE-2021-40506 | 1 Openrisc | 2 Or1200, Or1200 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | |||||
| CVE-2024-48445 | 2025-02-06 | N/A | 9.8 CRITICAL | ||
| An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. | |||||
| CVE-2024-10963 | 2025-02-06 | N/A | 7.4 HIGH | ||
| A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. | |||||
| CVE-2022-37345 | 1 Intel | 16 Nuc Kit Nuc5i3ryh, Nuc Kit Nuc5i3ryh Firmware, Nuc Kit Nuc5i3ryhs and 13 more | 2025-02-05 | N/A | 7.8 HIGH |
| Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29893 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 8.1 HIGH |
| Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-27874 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2025-02-05 | N/A | 6.8 MEDIUM |
| Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-26845 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 8.7 HIGH |
| Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||