Total
3960 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34388 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2025-06-03 | 6.5 Medium |
| AnĀ Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | ||||
| CVE-2025-32815 | 1 Infoblox | 1 Netmri | 2025-06-03 | 6.5 Medium |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. | ||||
| CVE-2025-5149 | 1 Wcms | 1 Wcms | 2025-06-03 | 5.6 Medium |
| A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6344 | 1 Tylertech | 1 Court Case Management Plus | 2025-06-03 | 5.3 Medium |
| Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | ||||
| CVE-2025-5437 | 2025-06-02 | 5.3 Medium | ||
| A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-31264 | 1 Apple | 1 Macos | 2025-06-02 | 4.6 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2022-34908 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 8.2 High |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | ||||
| CVE-2024-41195 | 1 Ocuco | 1 Innovation | 2025-05-30 | 9.8 Critical |
| An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | ||||
| CVE-2024-41196 | 1 Ocuco | 1 Innovation | 2025-05-30 | 9.8 Critical |
| An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | ||||
| CVE-2024-41197 | 1 Ocuco | 1 Innovation | 2025-05-30 | 9.8 Critical |
| An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | ||||
| CVE-2024-41198 | 1 Ocuco | 1 Innovation | 2025-05-30 | 9.8 Critical |
| An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | ||||
| CVE-2024-41199 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.2 High |
| An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | ||||
| CVE-2023-47189 | 1 Wpmudev | 1 Defender | 2025-05-29 | 5.3 Medium |
| Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. | ||||
| CVE-2023-37226 | 1 Loftware | 1 Spectrum | 2025-05-29 | 9.8 Critical |
| Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. | ||||
| CVE-2022-28321 | 2 Linux-pam, Opensuse | 2 Linux-pam, Tumbleweed | 2025-05-29 | 9.8 Critical |
| The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. | ||||
| CVE-2025-0605 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.6 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | ||||
| CVE-2023-51982 | 1 Cratedb | 1 Cratedb | 2025-05-29 | 9.8 Critical |
| CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231) | ||||
| CVE-2024-1006 | 1 Shanxi Tianneng Technology | 1 Noderp | 2025-05-29 | 7.3 High |
| A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-23126 | 1 Teslamate | 1 Teslamate | 2025-05-28 | 9.8 Critical |
| TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. | ||||
| CVE-2023-31634 | 1 Teslamate | 1 Teslamate | 2025-05-28 | 9.8 Critical |
| In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. | ||||