Total: 3896 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2025-6083 | | | 2025-06-17 | N/A | In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.
CVE-2023-47256 | 1 Connectwise | 2 Automate, Screenconnect | 2025-06-17 | 5.5 Medium | ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings.
CVE-2021-3784 | 1 Garudalinux | 1 Garuda Linux | 2025-06-17 | 5.3 Medium | Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.
CVE-2025-25504 | 1 Niceforyou | 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc | 2025-06-17 | 6.5 Medium | An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (in AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
CVE-2024-28735 | 2 Coda, Unit4 | 2 Unit 4 Financials, Financials By Coda | 2025-06-17 | 8.1 High | Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
CVE-2023-51717 | 1 Dataiku | 1 Data Science Studio | 2025-06-16 | 9.8 Critical | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
CVE-2024-38822 | | | 2025-06-16 | 2.7 Low | Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.
CVE-2025-6172 | | | 2025-06-16 | 9.8 Critical | Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.
CVE-2025-22236 | | | 2025-06-16 | 8.1 High | Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).
CVE-2024-38825 | | | 2025-06-16 | 6.4 Medium | The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not PKI authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
CVE-2024-49039 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-06-16 | 8.8 High | Windows Task Scheduler Elevation of Privilege Vulnerability.
CVE-2024-38124 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-06-16 | 9 Critical | Windows Netlogon Elevation of Privilege Vulnerability.
CVE-2024-38139 | 1 Microsoft | 1 Dataverse | 2025-06-16 | 8.7 High | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2025-5906 | 1 Code-projects | 1 Laundry System | 2025-06-13 | 7.3 High | A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-23806 | 1 Hidglobal | 4 Iclass Se Reader Configuration Cards, Iclass Se Reader Configuration Cards Firmware, Omnikey Secure Elements Reader Configuration Cards and 1 more | 2025-06-13 | 5.3 Medium | Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.
CVE-2025-4978 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 9.8 Critical | A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.
CVE-2025-29627 | | | 2025-06-12 | 6.8 Medium | An issue in the KeeperChat iOS application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module.
CVE-2025-49146 | | | 2025-06-12 | 8.2 High | pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
CVE-2023-42531 | 1 Samsung | 1 Android | 2025-06-12 | 6.2 Medium | Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release 1 allows local attackers to bypass restrictions on starting activities from the background.
CVE-2025-47889 | 1 Jenkins | 1 Wso2 Oauth | 2025-06-12 | 9.8 Critical | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.