Total
3961 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37298 | 1 Shinken-monitoring | 1 Shinken Monitoring | 2025-05-08 | 9.8 Critical |
| Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. | ||||
| CVE-2024-0568 | 1 Se | 4 Renf22r2mmw, Renf22r2mmw Firmware, Rmnf22tb30 and 1 more | 2025-05-08 | 8.8 High |
| CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | ||||
| CVE-2022-42233 | 1 Tenda | 2 11n, 11n Firmware | 2025-05-08 | 9.8 Critical |
| Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. | ||||
| CVE-2023-6483 | 1 Aditaas | 1 Allied Digital Integrated Tool-as-a-service | 2025-05-07 | 9.1 Critical |
| The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform. | ||||
| CVE-2025-4268 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.3 Medium |
| A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46573 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2025-05-07 | N/A |
| passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability. | ||||
| CVE-2022-43400 | 1 Siemens | 1 Siveillance Video Mobile Server | 2025-05-07 | 9.8 Critical |
| A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | ||||
| CVE-2022-26870 | 1 Dell | 1 Powerstoreos | 2025-05-07 | 7 High |
| Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. | ||||
| CVE-2022-37914 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | 9.8 Critical |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2022-37913 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | 9.8 Critical |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2024-47806 | 2 Jenkins, Jenkins Project | 2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin | 2025-05-06 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2024-47807 | 2 Jenkins, Jenkins Project | 2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin | 2025-05-06 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2022-32935 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | 4.6 Medium |
| A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. | ||||
| CVE-2022-32928 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | 5.3 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. | ||||
| CVE-2018-19937 | 1 Videolan | 1 Vlc For Mobile | 2025-05-06 | 6.6 Medium |
| A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | ||||
| CVE-2022-2572 | 1 Octopus | 1 Octopus Server | 2025-05-06 | 9.8 Critical |
| In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | ||||
| CVE-2022-22935 | 1 Saltstack | 1 Salt | 2025-05-05 | 3.7 Low |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | ||||
| CVE-2022-22730 | 1 Intel | 1 Edge Insights For Industrial | 2025-05-05 | 9.8 Critical |
| Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 7.2 High |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | ||||
| CVE-2024-38099 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-05-05 | 5.9 Medium |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | ||||