Total: 3293 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-1801 | 1 Very Simple Contact Form Project | 1 Very Simple Contact Form | 2023-07-24 | 5.0 MEDIUM | 7.5 HIGH | The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. |
CVE-2022-33720 | 1 Google | 1 Android | 2023-07-21 | N/A | 2.4 LOW | Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows a physical attacker to access Chrome locked by AppLock via a new tap shortcut. |
CVE-2022-33736 | 1 Siemens | 1 Opcenter Quality | 2023-07-21 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to a denial of service condition for existing users or allow unauthenticated remote attackers to successfully log in without credentials. |
CVE-2023-31007 | 1 Apache | 1 Pulsar | 2023-07-20 | N/A | 6.5 MEDIUM | Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions. |
CVE-2023-3127 | 1 Johnsoncontrols | 8 Edge G2, Edge G2 Firmware, Istar Ultra and 5 more | 2023-07-20 | N/A | 9.8 CRITICAL | An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. |
CVE-2019-1937 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2023-07-17 | 10.0 HIGH | 9.8 CRITICAL | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device. |
CVE-2022-4722 | 1 Ikus-soft | 1 Rdiffweb | 2023-07-17 | N/A | 7.2 HIGH | Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
CVE-2022-39892 | 1 Samsung | 1 Pass | 2023-07-14 | N/A | 9.8 CRITICAL | Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers unauthenticated access via the keep open feature. |
CVE-2022-39219 | 1 Xbifrost | 1 Bifrost | 2023-07-11 | N/A | 6.5 MEDIUM | Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds. |
CVE-2022-40242 | 1 Ami | 1 Megarac Sp-x | 2023-07-10 | N/A | 9.8 CRITICAL | MegaRAC Default Credentials Vulnerability |
CVE-2022-40259 | 1 Ami | 1 Megarac Sp-x | 2023-07-10 | N/A | 9.8 CRITICAL | MegaRAC Default Credentials Vulnerability |
CVE-2022-45124 | 1 Wellintech | 1 Kinghistorian | 2023-07-07 | N/A | 7.5 HIGH | An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability. |
CVE-2023-32620 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-07-06 | N/A | 6.5 MEDIUM | Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. |
CVE-2023-32222 | 1 Dlink | 2 Dsl-g256dg, Dsl-g256dg Firmware | 2023-07-06 | N/A | 9.8 CRITICAL | D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. |
CVE-2023-35154 | 1 Eng | 1 Knowage | 2023-07-03 | N/A | 6.5 MEDIUM | Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8. |
CVE-2023-28073 | 1 Dell | 4 Latitude 5530, Latitude 5530 Firmware, Precision 3570 and 1 more | 2023-06-30 | N/A | 7.8 HIGH | Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. |
CVE-2023-32524 | 1 Trendmicro | 1 Mobile Security | 2023-06-30 | N/A | 8.8 HIGH | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to, CVE-2023-32523. |
CVE-2023-32523 | 1 Trendmicro | 1 Mobile Security | 2023-06-30 | N/A | 8.8 HIGH | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to, CVE-2023-32524. |
CVE-2022-3875 | 1 Clickstudios | 1 Passwordstate | 2023-06-27 | N/A | 7.5 HIGH | A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244. |
CVE-2021-42849 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2023-06-26 | 4.6 MEDIUM | 6.8 MEDIUM | A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. |