Total
4061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43400 | 1 Siemens | 1 Siveillance Video Mobile Server | 2025-05-07 | 9.8 Critical |
| A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | ||||
| CVE-2022-26870 | 1 Dell | 1 Powerstoreos | 2025-05-07 | 7 High |
| Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. | ||||
| CVE-2022-37914 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | 9.8 Critical |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2022-37913 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | 9.8 Critical |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2024-47806 | 2 Jenkins, Jenkins Project | 2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin | 2025-05-06 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2024-47807 | 2 Jenkins, Jenkins Project | 2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin | 2025-05-06 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2022-32935 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | 4.6 Medium |
| A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. | ||||
| CVE-2022-32928 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | 5.3 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. | ||||
| CVE-2018-19937 | 1 Videolan | 1 Vlc For Mobile | 2025-05-06 | 6.6 Medium |
| A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | ||||
| CVE-2022-2572 | 1 Octopus | 1 Octopus Server | 2025-05-06 | 9.8 Critical |
| In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | ||||
| CVE-2022-22935 | 1 Saltstack | 1 Salt | 2025-05-05 | 3.7 Low |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | ||||
| CVE-2022-22730 | 1 Intel | 1 Edge Insights For Industrial | 2025-05-05 | 9.8 Critical |
| Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 7.2 High |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-38744 | 1 Rockwellautomation | 1 Factorytalk Alarms And Events | 2025-05-05 | 7.5 High |
| An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. | ||||
| CVE-2024-21390 | 1 Microsoft | 1 Authenticator | 2025-05-03 | 7.1 High |
| Microsoft Authenticator Elevation of Privilege Vulnerability | ||||
| CVE-2024-21427 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-05-03 | 7.5 High |
| Windows Kerberos Security Feature Bypass Vulnerability | ||||
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2025-05-02 | 6.3 Medium |
| Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | ||||
| CVE-2022-39018 | 1 M-files | 1 Hubshare | 2025-05-02 | 8.2 High |
| Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | ||||
| CVE-2025-29906 | 2025-05-02 | 8.6 High | ||
| Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11. | ||||
| CVE-2022-27510 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2025-05-01 | 9.8 Critical |
| Unauthorized access to Gateway user capabilities | ||||