Total
3617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26073 | 1 Atlassian | 1 Connect Express | 2025-02-12 | 4.0 MEDIUM | 7.7 HIGH |
| Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | |||||
| CVE-2020-4427 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 9.0 HIGH | 9.8 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | |||||
| CVE-2025-25205 | 2025-02-12 | N/A | 8.2 HIGH | ||
| Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue. | |||||
| CVE-2025-25201 | 2025-02-12 | N/A | 4.0 MEDIUM | ||
| Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the application. An attacker without access to the proper administration key would be able to generate new keys and overwrite certificates. Such an attacker would not be able to read-out or extract existing private data, nor would they be able to gain access to cryptographic operations that would normally require PIN-based authentication. The issue is fixed in piv-authenticator 0.3.9, and in Nitrokey's firmware 1.8.1. | |||||
| CVE-2023-28727 | 1 Panasonic | 2 Aiseg2, Aiseg2 Firmware | 2025-02-12 | N/A | 9.6 CRITICAL |
| Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | |||||
| CVE-2024-52968 | 2025-02-11 | N/A | 6.7 MEDIUM | ||
| An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. | |||||
| CVE-2023-1980 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-10 | N/A | 6.5 MEDIUM |
| Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries. | |||||
| CVE-2023-25597 | 1 Mitel | 1 Micollab | 2025-02-07 | N/A | 5.9 MEDIUM |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. | |||||
| CVE-2024-20856 | 1 Samsung | 1 Android | 2025-02-07 | N/A | 4.3 MEDIUM |
| Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. | |||||
| CVE-2023-30869 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | |||||
| CVE-2022-45174 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code. | |||||
| CVE-2022-45173 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct. | |||||
| CVE-2023-38096 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-06 | N/A | 9.8 CRITICAL |
| NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718. | |||||
| CVE-2022-48314 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-06 | N/A | 6.5 MEDIUM |
| The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-40507 | 1 Openrisc | 2 Or1200, Or1200 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | |||||
| CVE-2021-40506 | 1 Openrisc | 2 Or1200, Or1200 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | |||||
| CVE-2024-48445 | 2025-02-06 | N/A | 9.8 CRITICAL | ||
| An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. | |||||
| CVE-2024-10963 | 2025-02-06 | N/A | 7.4 HIGH | ||
| A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. | |||||
| CVE-2022-37345 | 1 Intel | 16 Nuc Kit Nuc5i3ryh, Nuc Kit Nuc5i3ryh Firmware, Nuc Kit Nuc5i3ryhs and 13 more | 2025-02-05 | N/A | 7.8 HIGH |
| Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29893 | 1 Intel | 1 Active Management Technology Firmware | 2025-02-05 | N/A | 8.1 HIGH |
| Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||