Total: 3924 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-20083 | | | 2025-05-16 | 7.5 High | Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-42172 | Hcltech | Dryice Myxalytics | 2025-05-16 | 5.3 Medium | HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. |
| CVE-2021-36369 | Debian, Dropbear Ssh Project | Debian Linux, Dropbear Ssh | 2025-05-15 | 7.5 High | An issue was discovered in Dropbear through 2020.81. Because the client-side SSH code checks the available authentication methods in a non-RFC-compliant way, an SSH server can alter the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass, and thus lets an attacker abuse a forwarded agent to log on to another server unnoticed. |
| CVE-2022-35135 | Boodskap | Iot Platform | 2025-05-15 | 8.8 High | Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to `/api/user/upsert/<uuid>`. |
| CVE-2022-40664 | Apache | Shiro | 2025-05-15 | 9.8 Critical | Apache Shiro before 1.10.0 has an authentication bypass vulnerability when a request is forwarded or included via RequestDispatcher. |
| CVE-2022-38982 | Huawei | Harmonyos | 2025-05-15 | 9.8 Critical | The fingerprint module has service logic errors. Successful exploitation of this vulnerability allows the phone lock to be bypassed. |
| CVE-2022-41436 | Oxhoo | Tp50, Tp50 Firmware | 2025-05-14 | 9.1 Critical | An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel by browsing to the URL http://device_ip/index1.html. |
| CVE-2022-42488 | Openharmony | Openharmony | 2025-05-14 | 8.4 High | OpenHarmony v3.1.2 and prior versions have a missing permission validation vulnerability in the param service of the startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause a DoS by disabling particular services. |
| CVE-2024-6235 | Citrix | Netscaler Console | 2025-05-14 | 8.8 High | Sensitive information disclosure in NetScaler Console. |
| CVE-2022-42463 | Openharmony | Openharmony | 2025-05-14 | 8.3 High | OpenHarmony v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in the communication subsystem. Attackers can attack distributed networks by sending Bluetooth RFCOMM packets to any remote device and executing arbitrary commands. |
| CVE-2025-41450 | | | 2025-05-14 | 8.2 High | Improper authentication vulnerability in the Danfoss AK-SM 8xxA Series. This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2. |
| CVE-2025-22477 | Dell | Storage Manager | 2025-05-13 | 8.3 High | Dell Storage Center - Dell Storage Manager, version 20.1.20, contains an improper authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to elevation of privileges. |
| CVE-2022-2533 | Gitlab | Gitlab | 2025-05-13 | 6.5 Medium | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. |
| CVE-2022-23769 | Megazone, Microsoft | Reversewall-mds, Windows | 2025-05-13 | 7.5 High | Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability to achieve remote code execution and, through it, actions such as account theft. |
| CVE-2025-3659 | | | 2025-05-13 | N/A | Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: Digi PortServer TS (prior to and including 82000747_AA, build date 06/17/2022); Digi One SP/Digi One SP IA/Digi One IA (prior to and including 82000774_Z, build date 10/19/2020); Digi One IAP (prior to and including 82000770 Z, build date 10/19/2020). A specially crafted POST request to the device's web interface may allow an unauthenticated attacker to modify configuration settings. |
| CVE-2025-46572 | | | 2025-05-13 | N/A | passport-wsfed-saml2 provides a passport strategy for both the WS-Fed and SAML2 protocols. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability. |
| CVE-2024-49076 | Microsoft | Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-05-13 | 7.8 High | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability. |
| CVE-2025-4144 | Cloudflare | Workers-oauth-provider | 2025-05-12 | 9.8 Critical | PKCE was implemented in the OAuth implementation in workers-oauth-provider, which is part of the MCP framework (https://github.com/cloudflare/workers-mcp). However, it was found that an attacker could cause the check to be skipped. Fixed in https://github.com/cloudflare/workers-oauth-provider/pull/27. Impact: PKCE is a defense-in-depth mechanism against certain kinds of attacks; it was an optional extension in OAuth 2.0 and became required in the OAuth 2.1 draft (note that the MCP specification requires OAuth 2.1). This bug completely bypasses PKCE protection. |
| CVE-2020-28052 | Apache, Bouncycastle, Oracle and 1 more | Karaf, Bc-java, Banking Corporate Lending Process Management and 24 more | 2025-05-12 | 8.1 High | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to be reported as matching previously hashed passwords that were different. |
| CVE-2024-11186 | | | 2025-05-12 | 10.0 Critical | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service. |
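The CVE-2025-4144 entry says only that an attacker "could cause the check to be skipped". The example below is added here and is not Cloudflare's code; it shows, in Python rather than the project's TypeScript so the logic reads language-neutrally, the most common way an authorization-server PKCE check ends up skippable (verifying `code_verifier` only when the token request happens to carry one) beside a strict check in which the stored `code_challenge` decides whether a verifier is required. Whether this is the exact defect fixed in PR #27 is an assumption; the grant record, request dicts and function names are constructed for illustration.

```python
"""Added example (not workers-oauth-provider's code): a skippable PKCE check next to a
strict one. Grant/token-request shapes and names are assumptions for illustration."""
import base64
import hashlib
import hmac
import secrets


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding (RFC 7636 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """Client side: 32 random bytes -> 43 unreserved characters, the RFC 7636 minimum."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def issue_authorization_code(code_challenge, method="S256"):
    """Server side at /authorize: the grant record stored alongside the code (constructed)."""
    return {"code": secrets.token_urlsafe(16),
            "code_challenge": code_challenge,
            "code_challenge_method": method}


def pkce_check_skippable(grant, token_request):
    """Bug pattern: verify only if the client sent code_verifier. An attacker who obtained
    the authorization code (e.g. from a leaked redirect) omits the parameter and the
    check never runs, so PKCE protects nothing."""
    verifier = token_request.get("code_verifier")
    if verifier is None:
        return True  # the check is skipped
    return hmac.compare_digest(s256_challenge(verifier), grant["code_challenge"])


def pkce_check_strict(grant, token_request):
    """Fixed pattern: the stored challenge decides whether a verifier is required, the
    token request cannot opt out, and only the S256 method is accepted."""
    challenge = grant.get("code_challenge")
    if challenge is None:
        # OAuth 2.1 (and therefore MCP) requires PKCE for public clients: a code issued
        # without a challenge is refused rather than silently accepted.
        return False
    verifier = token_request.get("code_verifier")
    if not isinstance(verifier, str) or not 43 <= len(verifier) <= 128:
        return False
    if grant.get("code_challenge_method") != "S256":
        return False
    return hmac.compare_digest(s256_challenge(verifier), challenge)


def demo():
    """Outcomes for an honest client and for an attacker holding only the stolen code."""
    verifier = new_verifier()
    grant = issue_authorization_code(s256_challenge(verifier))
    honest = {"code": grant["code"], "code_verifier": verifier}
    stolen = {"code": grant["code"]}  # attacker never learned the verifier
    return {
        "honest_skippable": pkce_check_skippable(grant, honest),
        "honest_strict": pkce_check_strict(grant, honest),
        "attacker_skippable": pkce_check_skippable(grant, stolen),  # True: PKCE bypassed
        "attacker_strict": pkce_check_strict(grant, stolen),        # False: code is useless
    }


if __name__ == "__main__":
    print(demo())
```

The strict variant also rejects the `plain` method and out-of-range verifier lengths; a server that accepts whatever method the client named at `/authorize` lets a downgraded challenge be satisfied by a verifier read off the wire.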
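The CVE-2025-46572 entry describes impersonating any user with a SAMLResponse built from a SAML object the IdP genuinely signed. The page does not state the root cause, but one classic way that outcome arises is a service provider that verifies a signature found somewhere in the document and then reads the subject from a different element (signature wrapping). The example below is added here and is not passport-wsfed-saml2's code: a toy IdP, an attacker who prepends an unsigned Assertion to a validly signed one, and an SP written both ways. Real SAML uses XML-DSig (public-key signatures over canonicalised XML with an enveloped transform); here an HMAC over a naive serialisation stands in for it, which is an assumption for illustration, as are all element and function names.

```python
"""Added example (not passport-wsfed-saml2's code): why an SP must take the NameID from
the exact element whose signature it verified. HMAC replaces XML-DSig (assumption)."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

IDP_KEY = b"constructed-idp-signing-key"  # stand-in for the IdP's private key


def canonical(elem):
    """Toy enveloped-signature canonicalisation: the element minus any Signature child."""
    e = copy.deepcopy(elem)
    e.tail = None
    for sig in e.findall("Signature"):
        e.remove(sig)
    return ET.tostring(e, encoding="utf-8")


def idp_sign_assertion(assertion_xml):
    """IdP side: attach a Signature whose Reference URI points at the Assertion's ID."""
    elem = ET.fromstring(assertion_xml)
    mac = hmac.new(IDP_KEY, canonical(elem), hashlib.sha256).hexdigest()
    sig = ET.SubElement(elem, "Signature")
    ET.SubElement(sig, "Reference").set("URI", "#" + elem.get("ID"))
    ET.SubElement(sig, "SignatureValue").text = mac
    return ET.tostring(elem, encoding="unicode")


def verified_target(root, sig):
    """Resolve the Reference URI to an element and return it only if the MAC matches."""
    ref, val = sig.find("Reference"), sig.find("SignatureValue")
    if ref is None or val is None or not val.text:
        return None
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        return None
    target = next((e for e in root.iter() if e.get("ID") == uri[1:]), None)
    if target is None:
        return None
    expected = hmac.new(IDP_KEY, canonical(target), hashlib.sha256).hexdigest()
    return target if hmac.compare_digest(expected, val.text) else None


def sp_login_vulnerable(response_xml):
    """Bug pattern: verify *some* Signature in the document, then trust the first
    Assertion's NameID, which need not be the element that was signed."""
    root = ET.fromstring(response_xml)
    sig = root.find(".//Signature")
    if sig is None or verified_target(root, sig) is None:
        raise ValueError("signature check failed")
    return root.find("Assertion/Subject/NameID").text


def sp_login_fixed(response_xml):
    """Fixed pattern: exactly one Assertion, it must carry the Signature, and that
    Signature must resolve to this very element before its NameID is used."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("Assertion")
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    sig = assertion.find("Signature")
    if sig is None or verified_target(root, sig) is not assertion:
        raise ValueError("signature does not cover the Assertion being consumed")
    return assertion.find("Subject/NameID").text


def wrap_signed_assertion(signed_assertion_xml, impersonate):
    """Attacker: keep the IdP-signed Assertion byte-for-byte intact and prepend an
    unsigned one naming the victim (constructed input)."""
    forged = f'<Assertion ID="_forged"><Subject><NameID>{impersonate}</NameID></Subject></Assertion>'
    return f"<Response>{forged}{signed_assertion_xml}</Response>"


def demo():
    """Run both SP implementations against an honest response and a wrapped one."""
    signed = idp_sign_assertion(
        '<Assertion ID="_a1"><Subject><NameID>alice</NameID></Subject></Assertion>')
    honest = f"<Response>{signed}</Response>"
    wrapped = wrap_signed_assertion(signed, "admin")

    def outcome(fn, doc):
        try:
            return fn(doc)
        except ValueError as exc:
            return f"rejected: {exc}"

    return {
        "vulnerable_honest": outcome(sp_login_vulnerable, honest),   # alice
        "fixed_honest": outcome(sp_login_fixed, honest),             # alice
        "vulnerable_wrapped": outcome(sp_login_vulnerable, wrapped), # admin: impersonation
        "fixed_wrapped": outcome(sp_login_fixed, wrapped),           # rejected
    }


if __name__ == "__main__":
    print(demo())
```

The fix is not "check the signature harder": the IdP's signature was valid in both cases. What changes is that the fixed SP binds the identity it consumes to the element the signature actually covers and refuses responses with extra assertions, which is the check to look for when auditing any SAML or WS-Fed consumer.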