Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (544 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51452 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-08-14 | 9.8 Critical |
| In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-30184 | 1 Cyberdata | 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware | 2025-08-12 | 9.8 Critical |
| CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. | ||||
| CVE-2025-0549 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 6.8 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. | ||||
| CVE-2025-22462 | 1 Ivanti | 1 Neurons For Itsm | 2025-07-16 | 9.8 Critical |
| An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. | ||||
| CVE-2025-6688 | 2 Idokd, Wordpress | 2 Simple Payment, Wordpress | 2025-07-13 | 9.8 Critical |
| The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users. | ||||
| CVE-2025-48904 | 1 Huawei | 1 Harmonyos | 2025-07-11 | 4.4 Medium |
| Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-5820 | 1 Sony | 2 Xav-ax8500, Xav-ax8500 Firmware | 2025-07-08 | 8.8 High |
| Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285. | ||||
| CVE-2024-29853 | 1 Veeam | 2 Agent, Veeam Agent For Windows | 2025-07-03 | N/A |
| An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | ||||
| CVE-2023-32002 | 2 Nodejs, Redhat | 4 Node.js, Nodejs, Enterprise Linux and 1 more | 2025-07-02 | 9.8 Critical |
| The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
| CVE-2023-4702 | 1 Yepas | 1 Digital Yepas | 2025-06-25 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1. | ||||
| CVE-2025-45607 | 1 Liaoxuefeng | 1 Itranswarp | 2025-06-16 | 9.8 Critical |
| An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request. | ||||
| CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | 7.8 High |
| An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-20247 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-06-12 | 5 Medium |
| A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile. | ||||
| CVE-2023-42770 | 1 Redlioncontrols | 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more | 2025-06-11 | 10 Critical |
| Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge. | ||||
| CVE-2025-47707 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
| CVE-2025-47710 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 7.4 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
| CVE-2025-48011 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | 4.8 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | ||||
| CVE-2025-48010 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | 4.8 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | ||||
| CVE-2020-14477 | 1 Philips | 16 Affiniti 50, Affiniti 50 Firmware, Affiniti 70 and 13 more | 2025-06-04 | 3.6 Low |
| In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. | ||||
| CVE-2025-40581 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | 7.1 High |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. | ||||