Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47195 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10309 1 Ceragon 2 Fibeair Ip-10, Fibeair Ip-10 Firmware 2025-04-20 N/A
In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.
CVE-2015-6817 1 Pgbouncer 1 Pgbouncer 2025-04-20 N/A
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
CVE-2015-6816 2 Fedoraproject, Ganglia 2 Fedora, Ganglia-web 2025-04-20 N/A
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
CVE-2015-4464 1 Kguardsecurity 4 Kg-sha104, Kg-sha104 Firmware, Kg-sha108 and 1 more 2025-04-20 N/A
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
CVE-2015-2880 1 Trendnet 1 Tv-ip743sic 2025-04-20 N/A
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
CVE-2015-2800 1 Huawei 14 Campus S5300, Campus S5700, Campus S6300 and 11 more 2025-04-20 N/A
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
CVE-2015-1401 1 Ldap \/ Sso Authentication Project 1 Ldap \/ Sso Authentication 2025-04-20 N/A
Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.
CVE-2014-9624 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
CVE-2014-9618 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVE-2014-9611 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVE-2014-3527 1 Vmware 1 Spring Security 2025-04-20 N/A
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
CVE-2014-0121 2 Hawt, Redhat 2 Hawtio, Jboss Fuse 2025-04-20 N/A
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
CVE-2014-0097 1 Vmware 1 Spring Security 2025-04-20 N/A
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
CVE-2016-7144 1 Unrealircd 1 Unrealircd 2025-04-20 N/A
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVE-2023-31292 1 Sesami 1 Cash Point \& Transport Optimizer 2025-04-17 5.5 Medium
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack.
CVE-2021-35252 1 Solarwinds 1 Serv-u 2025-04-17 7.5 High
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
CVE-2022-47209 1 Netgear 2 Rax30, Rax30 Firmware 2025-04-17 8.8 High
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.
CVE-2020-14504 1 Rockwellautomation 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more 2025-04-17 5.3 Medium
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
CVE-2022-46400 1 Microchip 18 Bm70, Bm70 Firmware, Bm71 and 15 more 2025-04-17 5.4 Medium
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
CVE-2022-42453 1 Hcltech 1 Bigfix Platform 2025-04-17 6.9 Medium
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.