Total
422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26421 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-1298 | 2025-09-05 | N/A | 9.8 CRITICAL | ||
| Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. | |||||
| CVE-2023-44447 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2025-09-04 | N/A | 6.5 MEDIUM |
| TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529. | |||||
| CVE-2024-6163 | 1 Checkmk | 1 Checkmk | 2025-08-27 | N/A | 5.3 MEDIUM |
| Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | |||||
| CVE-2025-6188 | 2025-08-27 | N/A | 7.5 HIGH | ||
| On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication. | |||||
| CVE-2023-5616 | 2 Canonical, Gnome | 2 Ubuntu Linux, Control Center | 2025-08-26 | N/A | 4.9 MEDIUM |
| In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user. | |||||
| CVE-2025-31511 | 2025-08-18 | N/A | 7.3 HIGH | ||
| An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the following build numbers: 4.1.12.2.1.19, 4.1.12.5.2.36, 4.1.13.0.60, 4.1.13.2.0.3.39, 4.1.13.2.0.3.41, 4.1.13.2.42, 4.1.13.2.25.44, 4.1.14.0.13, 4.1.14.0.43, 4.1.14.0.48, and 4.1.14.1.5.32. | |||||
| CVE-2025-36119 | 1 Ibm | 1 I | 2025-08-15 | N/A | 7.1 HIGH |
| IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. | |||||
| CVE-2023-37865 | 1 Ip2location | 1 Country Blocker | 2025-08-12 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1. | |||||
| CVE-2025-8853 | 2025-08-11 | N/A | 9.8 CRITICAL | ||
| Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. | |||||
| CVE-2025-50454 | 2025-08-05 | N/A | 6.5 MEDIUM | ||
| An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials. | |||||
| CVE-2024-20299 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-01 | N/A | 5.8 MEDIUM |
| A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules. | |||||
| CVE-2024-20297 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-01 | N/A | 5.8 MEDIUM |
| A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules. | |||||
| CVE-2024-20384 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-01 | N/A | 5.8 MEDIUM |
| A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules. | |||||
| CVE-2025-48906 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.8 HIGH |
| Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-27695 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | N/A | 4.9 MEDIUM |
| Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure. | |||||
| CVE-2025-2188 | 1 Honor | 1 Gamecenter | 2025-07-11 | N/A | 8.1 HIGH |
| There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity. | |||||
| CVE-2023-48396 | 1 Apache | 1 Seatunnel | 2025-07-10 | N/A | 9.1 CRITICAL |
| Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. | |||||
| CVE-2023-30464 | 1 Coredns.io | 1 Coredns | 2025-07-10 | N/A | 7.5 HIGH |
| CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. | |||||
| CVE-2025-23168 | 1 Versa-networks | 1 Versa Director | 2025-07-09 | N/A | 6.3 MEDIUM |
| The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the OTP delivery (SMS/email) to their own device. OTP/TOTP codes are not invalidated after use, enabling reuse by an attacker who has previously intercepted or obtained a valid code. In addition, the 2FA system does not adequately restrict the number or frequency of login attempts. The OTP values are generated from a relatively small keyspace, making brute-force attacks more feasible. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Versa recommends that Director be upgraded to one of the remediated software versions. | |||||