Vulnerabilities (CVE)

Filtered by CWE-287
Total 3293 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-47275 2025-05-15 N/A N/A
Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: Applications using the Auth0-PHP SDK, or the Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress SDKs that rely on the Auth0-PHP SDK; and session storage configured with CookieStore. Upgrade Auth0/Auth0-PHP to v8.14.0 to receive a patch. As an additional precautionary measure, rotating cookie encryption keys is recommended. Note that once updated, any previous session cookies will be rejected.
CVE-2021-36369 2 Debian, Dropbear Ssh Project 2 Debian Linux, Dropbear Ssh 2025-05-15 N/A 7.5 HIGH
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
CVE-2022-35135 1 Boodskap 1 Iot Platform 2025-05-15 N/A 8.8 HIGH
Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>.
CVE-2022-41436 1 Oxhoo 2 Tp50, Tp50 Firmware 2025-05-14 N/A 9.1 CRITICAL
An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.
CVE-2025-20083 2025-05-13 N/A N/A
Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-22477 1 Dell 1 Storage Manager 2025-05-13 N/A 8.8 HIGH
Dell Storage Center - Dell Storage Manager, version 20.1.20, contains an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to elevation of privileges.
CVE-2022-2533 1 Gitlab 1 Gitlab 2025-05-13 N/A 7.4 HIGH
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
CVE-2025-4494 2025-05-09 N/A 7.3 HIGH
A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-46590 1 Huawei 1 Harmonyos 2025-05-09 N/A 6.5 MEDIUM
Bypass vulnerability in the network search instruction authentication module. Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.
CVE-2022-37298 1 Shinken-monitoring 1 Shinken Monitoring 2025-05-08 N/A 9.8 CRITICAL
Shinken Solutions Shinken Monitoring version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
CVE-2022-42233 1 Tenda 2 11n, 11n Firmware 2025-05-08 N/A 9.8 CRITICAL
Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
CVE-2025-4268 1 Totolink 2 A720r, A720r Firmware 2025-05-07 N/A 5.3 MEDIUM
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-43400 1 Siemens 1 Siveillance Video Mobile Server 2025-05-07 N/A 9.8 CRITICAL
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
CVE-2018-19937 1 Videolan 1 Vlc For Mobile 2025-05-06 4.6 MEDIUM 6.6 MEDIUM
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
CVE-2022-2572 1 Octopus 1 Octopus Server 2025-05-06 N/A 9.8 CRITICAL
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
CVE-2022-22730 1 Intel 1 Edge Insights For Industrial 2025-05-05 N/A 9.8 CRITICAL
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2022-22935 1 Saltstack 1 Salt 2025-05-05 4.3 MEDIUM 3.7 LOW
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
CVE-2021-0193 1 Ibm 1 In-band Manageability 2025-05-05 6.5 MEDIUM 7.2 HIGH
Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2023-52160 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Android and 4 more 2025-05-05 N/A 6.5 MEDIUM
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2022-44244 1 Lin-cms Project 1 Lin-cms 2025-05-01 N/A 6.6 MEDIUM
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.