Export limit exceeded: 16323 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341244 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4225 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20133 | 1 Itechscripts | 1 Job Portal Script | 2025-04-14 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. | ||||
| CVE-2022-2664 | 1 Private Cloud Management Platform Project | 1 Private Cloud Management Platform | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3465 | 1 Mediabridgeproducts | 2 Mlwr-ac1200r, Mlwr-ac1200r Firmware | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. | ||||
| CVE-2022-3674 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-14 | 7.3 High |
| A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | ||||
| CVE-2022-3875 | 1 Clickstudios | 1 Passwordstate | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244. | ||||
| CVE-2016-5686 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2025-04-12 | N/A |
| Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | ||||
| CVE-2013-4594 | 1 Payment For Webform Project | 1 Payment For Webform | 2025-04-12 | N/A |
| The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | ||||
| CVE-2016-5133 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | ||||
| CVE-2016-5086 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2025-04-12 | N/A |
| Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | ||||
| CVE-2014-0056 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2025-04-12 | N/A |
| The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | ||||
| CVE-2012-4658 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. | ||||
| CVE-2013-3046 | 1 Ibm | 1 Sametime | 2025-04-12 | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | ||||
| CVE-2014-0074 | 2 Apache, Redhat | 6 Shiro, Fuse Esb Enterprise, Fuse Management Console and 3 more | 2025-04-12 | N/A |
| Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | ||||
| CVE-2014-0090 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2025-04-12 | N/A |
| Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. | ||||
| CVE-2016-2076 | 1 Vmware | 3 Vcenter Server, Vcloud Automation Identity Appliance, Vcloud Director | 2025-04-12 | N/A |
| Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. | ||||
| CVE-2014-0132 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-12 | N/A |
| The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind. | ||||
| CVE-2016-2012 | 1 Hp | 1 Network Node Manager I | 2025-04-12 | N/A |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2015-6480 | 1 Moxa | 1 Oncell Central Manager | 2025-04-12 | N/A |
| The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | ||||
| CVE-2016-1000214 | 1 Ruckus | 1 Wireless H500 | 2025-04-12 | N/A |
| Ruckus Wireless H500 web management interface authentication bypass | ||||
| CVE-2016-0916 | 1 Emc | 1 Networker | 2025-04-12 | N/A |
| EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | ||||