Total
4018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44821 | 1 Zzcms | 1 Zzcms | 2025-04-23 | N/A | 5.3 MEDIUM |
| ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages. | |||||
| CVE-2022-44620 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | N/A | 8.8 HIGH |
| Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | |||||
| CVE-2025-3268 | 1 Qinguoyi | 1 Tinywebserver | 2025-04-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-25685 | 1 Qualcomm | 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more | 2025-04-22 | N/A | 7.5 HIGH |
| Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-25667 | 1 Qualcomm | 138 Ar9380, Ar9380 Firmware, Csr8811 and 135 more | 2025-04-22 | N/A | 7.5 HIGH |
| Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-47408 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2025-04-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people. | |||||
| CVE-2025-30287 | 1 Adobe | 1 Coldfusion | 2025-04-21 | N/A | 8.2 HIGH |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. | |||||
| CVE-2016-5410 | 2 Firewalld, Redhat | 5 Firewalld, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | |||||
| CVE-2017-8194 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | |||||
| CVE-2017-14000 | 1 Ctekproducts | 4 Skyrouter Z4200, Skyrouter Z4200 Firmware, Skyrouter Z4400 and 1 more | 2025-04-20 | 7.5 HIGH | 9.4 CRITICAL |
| An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. | |||||
| CVE-2016-10309 | 1 Ceragon | 2 Fibeair Ip-10, Fibeair Ip-10 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |||||
| CVE-2017-5192 | 1 Saltstack | 1 Salt | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | |||||
| CVE-2017-9100 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | |||||
| CVE-2017-6549 | 1 Asus | 2 Rt-ac53, Rt-ac53 Firmware | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers. | |||||
| CVE-2017-1000154 | 1 Mahara | 1 Mahara | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. | |||||
| CVE-2017-6062 | 1 Openidc | 1 Mod Auth Openidc | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | |||||
| CVE-2017-6722 | 1 Cisco | 1 Unified Contact Center Express | 2025-04-20 | 5.5 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61). | |||||
| CVE-2017-10807 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | |||||
| CVE-2017-3880 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. | |||||
| CVE-2017-14706 | 1 Denyall | 2 I-suite, Web Application Firewall | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||