Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36528 | 1 Platinumchina | 1 Platinum Mobile | 2025-04-15 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2020-36533 | 1 Klapp | 1 App | 2025-04-15 | 3.7 Low |
| A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely. | ||||
| CVE-2022-46170 | 1 Codeigniter | 1 Codeigniter | 2025-04-15 | 8.6 High |
| CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie. | ||||
| CVE-2022-35646 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Verify Governance, Linux Kernel and 2 more | 2025-04-15 | 5.9 Medium |
| IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096. | ||||
| CVE-2018-25043 | 1 Bittorrent | 1 Utorrent | 2025-04-15 | 5 Medium |
| A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2022-46875 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2025-04-15 | 6.5 Medium |
| The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | ||||
| CVE-2022-2765 | 1 Company Website Cms Project | 1 Company Website Cms | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206161 was assigned to this vulnerability. | ||||
| CVE-2022-47633 | 1 Kyverno | 1 Kyverno | 2025-04-15 | 8.1 High |
| An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases. | ||||
| CVE-2023-36724 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-14 | 5.5 Medium |
| Windows Power Management Service Information Disclosure Vulnerability | ||||
| CVE-2020-11101 | 1 Sierrawireless | 1 Airlink Mobility Manager | 2025-04-14 | 9.8 Critical |
| Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. | ||||
| CVE-2021-4201 | 1 Forgerock | 1 Access Management | 2025-04-14 | 9.6 Critical |
| Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions. | ||||
| CVE-2017-20133 | 1 Itechscripts | 1 Job Portal Script | 2025-04-14 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. | ||||
| CVE-2022-2664 | 1 Private Cloud Management Platform Project | 1 Private Cloud Management Platform | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3465 | 1 Mediabridgeproducts | 2 Mlwr-ac1200r, Mlwr-ac1200r Firmware | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. | ||||
| CVE-2022-3674 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-14 | 7.3 High |
| A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | ||||
| CVE-2022-3875 | 1 Clickstudios | 1 Passwordstate | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244. | ||||
| CVE-2013-6788 | 1 Bitrix | 2 Bitrix E-store Module, Bitrix Site Manager | 2025-04-12 | N/A |
| The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack. | ||||
| CVE-2016-9877 | 2 Broadcom, Pivotal Software | 2 Rabbitmq Server, Rabbitmq | 2025-04-12 | N/A |
| An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. | ||||
| CVE-2016-9796 | 1 Alcatel-lucent | 1 Omnivista 8770 Network Management System | 2025-04-12 | N/A |
| Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | ||||
| CVE-2016-7191 | 1 Microsoft | 1 Azure Active Directory Passport | 2025-04-12 | N/A |
| The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. | ||||