CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 68/128 • 15330 CVEs.

Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access”  ·  RSS (High+Critical only)

About “Unauthenticated/Unauthorized Access”

A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15330 CVEs for this tag (all time). In the last 365 days, 3834 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-11-02
Low

CVE-2022-30307

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in th…

CVSS: 3.9 CWE: N/A View on NVD
2022-10-31
Medium

CVE-2022-40292

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.

CVSS: 5.3 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
Critical

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized obj…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2022-40202

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2022-10-28
Medium

CVE-2022-3400

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authent…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2022-39366

DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an att…

CVSS: 9.9 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2022-37914

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2022-37913

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2021-36206

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.

CVSS: 10.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-10-27
Medium

CVE-2022-3387

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2022-3386

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2022-3385

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2022-38744

An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. T…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2022-10-26
Medium

CVE-2022-40703

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android d…

CVSS: 5.2 CWE: CWE-302 - Authentication Bypass by Assumed-Immutable Data View on NVD
2022-10-25
Critical

CVE-2022-36452

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker t…

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2022-39342

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset…

CVSS: 5.9 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2022-39341

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relat…

CVSS: 5.9 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2022-38199

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to…

CVSS: 6.1 CWE: CWE-494 - Download of Code Without Integrity Check View on NVD
Medium

CVE-2022-38198

There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-38197

Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a c…

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2022-38195

There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link whic…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2022-29477

An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header ca…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2022-27805

An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arb…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2022-10-21
Medium

CVE-2022-34439

Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerabil…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2022-26870

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attack…

CVSS: 7.0 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2022-27494

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CVSS: 8.2 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-26423

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2022-1070

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2022-1066

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2022-1059

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CVSS: 8.2 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-10-20
Critical

CVE-2022-42233

Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2022-10-19
High

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating sy…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2022-10-18
Critical

CVE-2022-39428

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vul…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2022-39426

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unaut…

CVSS: 8.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2022-39425

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unaut…

CVSS: 8.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2022-39424

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unaut…

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2022-39423

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high pr…

CVSS: 6.0 CWE: N/A View on NVD
High

CVE-2022-39412

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allow…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2022-39411

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploit…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-39407

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerabili…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-39406

Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerabil…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39405

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerabili…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-39402

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenti…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2022-39399

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1,…

CVSS: 3.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-21639

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-21636

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vuln…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-21634

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-21631

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerab…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-21630

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerabi…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341,…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2022-21626

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.…

CVSS: 5.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Low

CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16…

CVSS: 3.7 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2022-21623

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Eas…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-21622

Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability a…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.…

CVSS: 3.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-21618

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle Graal…

CVSS: 5.3 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2022-21615

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable…

CVSS: 7.4 CWE: N/A View on NVD
High

CVE-2022-21614

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-21613

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-21612

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable…

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2022-21609

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily explo…

CVSS: 5.7 CWE: N/A View on NVD
Medium

CVE-2022-21606

Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows unaut…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-21602

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2022-21601

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-21598

Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily expl…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-21597

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 an…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2022-21593

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vuln…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-21590

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0.…

CVSS: 7.6 CWE: N/A View on NVD
Critical

CVE-2022-21587

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vul…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2022-33873

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.…

CVSS: 6.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2022-35846

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthentica…

CVSS: 8.1 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
Medium

CVE-2022-3339

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convinci…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-39058

RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2022-22247

An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-22244

An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to…

CVSS: 5.3 CWE: CWE-91 - XML Injection (aka Blind XPath Injection) View on NVD
Medium

CVE-2022-22242

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's brows…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-22241

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted P…

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-22230

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of S…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-22225

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an est…

CVSS: 5.9 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2022-22220

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to ca…

CVSS: 5.9 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2022-22218

On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2022-22192

An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Den…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
2022-10-17
Low

CVE-2022-3325

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.…

CVSS: 2.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-3066

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was po…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-2592

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a…

CVSS: 6.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
2022-10-15
Critical

CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sen…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-10-14
Medium

CVE-2022-35691

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulne…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2022-39011

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

CVSS: 7.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This…

CVSS: 4.9 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2022-10-13
High

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-10-12
High

CVE-2022-31228

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.

CVSS: 8.1 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
High

CVE-2022-0030

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper…

CVSS: 8.1 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Critical

CVE-2022-40664

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2022-42711

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code i…

CVSS: 9.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-10-11
Medium

CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privil…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2022-34427

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of int…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2022-34426

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthen…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2022-41665

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <…

CVSS: 9.8 CWE: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters View on NVD
Medium

CVE-2022-40180

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM…

CVSS: 5.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2022-40179

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM…

CVSS: 8.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2022-10-10
High

CVE-2022-34425

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized acce…

CVSS: 7.5 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
Medium

CVE-2022-20830

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of…

CVSS: 5.3 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2022-10-07
Medium

CVE-2022-39854

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

CVSS: 6.4 CWE: CWE-284 - Improper Access Control View on NVD
2022-10-06
Critical

CVE-2022-40494

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2022-10-03
Medium

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filena…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2022-09-30
Medium

CVE-2022-20662

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because…

CVSS: 6.1 CWE: CWE-287 - Improper Authentication View on NVD
2022-09-29
Medium

CVE-2021-40693

An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2020-35674

BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password res…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2020-15327

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2022-09-28
Low

CVE-2022-34394

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to un…

CVSS: 3.7 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2022-29089

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit…

CVSS: 6.4 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2022-36781

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration…

CVSS: 5.3 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
High

CVE-2022-28813

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary data…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2022-28812

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the devic…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2022-28811

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to ex…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2022-22523

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2022-22522

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD