Total
1469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1810 | 1 Dlink | 2 Dwl-900ap\+, Dwl-900ap\+ Firmware | 2025-04-03 | 7.5 High |
| D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | ||||
| CVE-2023-46747 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2025-04-02 | 9.8 Critical |
| Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2021-33658 | 2 Huawei, Openatom | 2 Atune, Openeuler | 2025-04-02 | 7.8 High |
| atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. | ||||
| CVE-2022-1388 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-04-02 | 9.8 Critical |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2021-43447 | 1 Onlyoffice | 1 Server | 2025-04-02 | 7.5 High |
| ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication. | ||||
| CVE-2025-25060 | 2025-04-02 | N/A | ||
| Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker. | ||||
| CVE-2022-3738 | 1 Wago | 14 Cc100, Cc100 Firmware, Edge Controller and 11 more | 2025-04-02 | 5.9 Medium |
| The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull. | ||||
| CVE-2023-0463 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-02 | 7.8 High |
| The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk. | ||||
| CVE-2025-1941 | 1 Mozilla | 1 Firefox | 2025-03-28 | 9.1 Critical |
| Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136. | ||||
| CVE-2023-48426 | 1 Google | 1 Chromecast | 2025-03-28 | 10 Critical |
| u-boot bug that allows for u-boot shell and interrupt over UART | ||||
| CVE-2024-2921 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 9.8 Critical |
| Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. | ||||
| CVE-2024-13772 | 1 Uxper | 1 Civi | 2025-03-28 | 5.6 Medium |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation. | ||||
| CVE-2021-36888 | 1 Blocksera | 1 Image Hover Effects | 2025-03-28 | 9.8 Critical |
| Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. | ||||
| CVE-2024-45483 | 2025-03-27 | N/A | ||
| A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system. | ||||
| CVE-2024-45355 | 2025-03-27 | 5.5 Medium | ||
| A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. | ||||
| CVE-2024-45356 | 2025-03-27 | 7.3 High | ||
| A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. | ||||
| CVE-2024-56469 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-03-27 | 6.3 Medium |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | ||||
| CVE-2025-25068 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 7.5 High |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes. | ||||
| CVE-2024-8053 | 1 Openwebui | 1 Open Webui | 2025-03-27 | 8.2 High |
| In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and financial impacts. | ||||
| CVE-2023-25014 | 1 In2code | 1 Femanager | 2025-03-26 | 8.6 High |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | ||||