Total: 3990 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-37085 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-07-30 | 6.8 Medium | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. |
| CVE-2023-45249 | 1 Acronis | 1 Cyber Infrastructure | 2025-07-30 | 9.8 Critical | Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. |
| CVE-2024-7593 | 1 Ivanti | 2 Virtual Traffic Management, Virtual Traffic Manager | 2025-07-30 | 9.8 Critical | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. |
| CVE-2024-49039 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-30 | 8.8 High | Windows Task Scheduler Elevation of Privilege Vulnerability |
| CVE-2024-11680 | 1 Projectsend | 1 Projectsend | 2025-07-30 | 9.8 Critical | ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. |
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2025-07-30 | 8.2 High | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. |
| CVE-2024-30939 | 1 Yealink | 1 Vp59 Firmware | 2025-07-30 | 6.8 Medium | An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. |
| CVE-2025-31267 | 1 Apple | 1 App Store Connect | 2025-07-29 | 4.6 Medium | An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information. |
| CVE-2025-49812 | 2 Apache, Apache Software Foundation | 2 Http Server, Apache Http Server | 2025-07-29 | 7.4 High | In some mod_ssl configurations on Apache HTTP Server versions through 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. |
| CVE-2025-54419 | 1 Node-saml | 1 Node-saml | 2025-07-29 | 10 Critical | Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different from the parts that are verified when checking the signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document from the identity provider (IdP). This is fixed in version 5.1.0. |
| CVE-2025-54452 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2025-07-28 | 7.3 High | Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0. |
| CVE-2024-51767 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | 7.3 High | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. |
| CVE-2024-12310 | | | 2025-07-25 | N/A | A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of keyboard shortcuts. This issue affects Imprivata Enterprise Access Management versions 5.3 through 24.2. |
| CVE-2025-45777 | | | 2025-07-25 | 9.8 Critical | An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication via supplying a crafted request. |
| CVE-2025-0249 | | | 2025-07-25 | 3.3 Low | HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated, which may allow attackers to access sensitive data without authorization. |
| CVE-2025-37107 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | 7.3 High | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37106 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | 7.3 High | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2024-9683 | 1 Redhat | 1 Quay | 2025-07-23 | 4.8 Medium | A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future. |
| CVE-2025-7862 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-23 | 7.3 High | A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2020-3411 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 7.5 High | A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. |