Total
3813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26508 | 1 Intel | 1 Server Debug And Provisioning Tool | 2025-02-05 | N/A | 4.3 MEDIUM |
| Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2022-21794 | 1 Intel | 10 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Business Nuc8i7hnkqc Firmware, Nuc 8 Enthusiast Nuc8i7hvkva and 7 more | 2025-02-05 | N/A | 7.7 HIGH |
| Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33159 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 7.4 HIGH |
| Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33076 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2025-02-05 | N/A | 5.3 MEDIUM |
| Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-36370 | 1 Intel | 4 Nuc Board Nuc5i3mybe, Nuc Board Nuc5i3mybe Firmware, Nuc Kit Nuc5i3myhe and 1 more | 2025-02-05 | N/A | 7.5 HIGH |
| Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-51478 | 1 Buildapp | 1 Build App Online | 2025-02-05 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | |||||
| CVE-2023-48747 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2. | |||||
| CVE-2023-47504 | 1 Elementor | 1 Website Builder | 2025-02-05 | N/A | 7.5 HIGH |
| Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. | |||||
| CVE-2024-12510 | 2025-02-03 | N/A | 6.7 MEDIUM | ||
| If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup. | |||||
| CVE-2024-37368 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 7.5 HIGH |
| A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. | |||||
| CVE-2023-27388 | 2 Especmic, Tandd | 20 Rs-12n, Rs-12n Firmware, Rt-12n and 17 more | 2025-01-31 | N/A | 9.8 CRITICAL |
| Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | |||||
| CVE-2023-25946 | 1 Qrio | 2 Q-sl2, Q-sl2 Firmware | 2025-01-31 | N/A | 8.8 HIGH |
| Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions. | |||||
| CVE-2023-30063 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2025-01-30 | N/A | 7.5 HIGH |
| D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | |||||
| CVE-2023-30061 | 1 Dlink | 2 Dir-879, Dir-879 Firmware | 2025-01-30 | N/A | 7.5 HIGH |
| D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | |||||
| CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2025-01-30 | N/A | 9.8 CRITICAL |
| OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | |||||
| CVE-2023-30328 | 1 Mailbutler | 1 Shimo | 2025-01-29 | N/A | 9.8 CRITICAL |
| An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. | |||||
| CVE-2023-28182 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-01-29 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. | |||||
| CVE-2023-27919 | 1 Next-engine | 1 Next Engine Integration | 2025-01-27 | N/A | 5.3 MEDIUM |
| Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system. | |||||
| CVE-2023-28325 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | N/A | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | |||||
| CVE-2023-27823 | 1 Optoma | 1 1080pstx | 2025-01-24 | N/A | 9.8 CRITICAL |
| An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | |||||