CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 2/5 • 510 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-01
Critical

CVE-2025-54792

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-th…

CVSS: 9.3 CWE: CWE-300
Read more
High

CVE-2012-10022

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execu…

CVSS: 8.5 CWE: CWE-269
Read more
Critical

CVE-2025-50870

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the cor…

CVSS: 9.8 CWE: CWE-284
Read more
Medium

CVE-2025-4523

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view()…

CVSS: 6.5 CWE: CWE-200
Read more
Critical

CVE-2025-5947

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly vali…

CVSS: 9.8 CWE: CWE-639
Read more
2025-07-31
High

CVE-2025-50850

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematic…

CVSS: 8.6 CWE: CWE-284
Read more
Critical

CVE-2014-125126

An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=…

CVSS: 9.2 CWE: CWE-306
Read more
High

CVE-2014-125125

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downlo…

CVSS: 8.8 CWE: CWE-22
Read more
Critical

CVE-2014-125124

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module e…

CVSS: 10.0 CWE: CWE-78
Read more
Medium

CVE-2014-125122

A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST reques…

CVSS: 5.3 CWE: CWE-121
Read more
Critical

CVE-2013-10043

A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection.…

CVSS: 9.5 CWE: CWE-89
Read more
Critical

CVE-2013-10037

An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell comman…

CVSS: 9.3 CWE: CWE-78
Read more
Critical

CVE-2012-10021

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of s…

CVSS: 9.3 CWE: CWE-121
Read more
2025-07-30
Critical

CVE-2025-54576

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and…

CVSS: 9.1 CWE: CWE-290
Read more
Medium

CVE-2025-36608

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potenti…

CVSS: 6.5 CWE: CWE-611
Read more
Medium

CVE-2025-8353

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to…

CVSS: 5.9 CWE: CWE-446
Read more
Medium

CVE-2023-2593

A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated a…

CVSS: 5.9 CWE: CWE-835
Read more
High

CVE-2025-53944

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an a…

CVSS: 7.7 CWE: CWE-285
Read more
Medium

CVE-2025-53111

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10…

CVSS: 6.5 CWE: CWE-284
Read more
Medium

CVE-2025-52897

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. T…

CVSS: 6.5 CWE: CWE-80
Read more
High

CVE-2025-43270

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may gain unauthorized access to Local…

CVSS: 8.8 CWE: CWE-284
Read more
2025-07-29
Medium

CVE-2025-54126

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 a…

CVSS: 6.9 CWE: CWE-668
Read more
Critical

CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

CVSS: 9.8 CWE: CWE-134
Read more
Medium

CVE-2025-36010

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.

CVSS: 6.5 CWE: CWE-833
Read more
Critical

CVE-2025-44136

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthentic…

CVSS: 9.8 CWE: CWE-79
Read more
High

CVE-2025-28170

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and…

CVSS: 7.6 CWE: CWE-548
Read more
High

CVE-2025-6505

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credential…

CVSS: 8.1 CWE: CWE-287
Read more
High

CVE-2025-6504

In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.  Since XFF is a client-controlled header, it could be spoofed, all…

CVSS: 8.4 CWE: CWE-345
Read more
2025-07-28
Critical

CVE-2025-54428

RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded us…

CVSS: 9.8 CWE: CWE-522
Read more
Medium

CVE-2025-54423

copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sa…

CVSS: 5.4 CWE: CWE-79
Read more
2025-07-26
Critical

CVE-2025-6895

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. T…

CVSS: 9.8 CWE: CWE-288
Read more
2025-07-25
Critical

CVE-2025-30135

An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing att…

CVSS: 9.4 CWE: CWE-306
Read more
High

CVE-2025-52448

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the prod…

CVSS: 8.1 CWE: CWE-639
Read more
High

CVE-2025-52447

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to th…

CVSS: 8.1 CWE: CWE-639
Read more
High

CVE-2025-52446

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production databa…

CVSS: 8.0 CWE: CWE-639
Read more
High

CVE-2025-34139

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files.…

CVSS: 8.7 CWE: CWE-552
Read more
Critical

CVE-2025-34138

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized access to info…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2025-34136

An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL In…

CVSS: 6.9 CWE: CWE-89
Read more
High

CVE-2024-13975

A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client sys…

CVSS: 8.5 CWE: CWE-269
Read more
Critical

CVE-2014-125117

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to t…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2014-125116

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and…

CVSS: 9.3 CWE: CWE-306
Read more
Critical

CVE-2025-45777

An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication via supplying a crafted request.

CVSS: 9.8 CWE: CWE-287
Read more
Low

CVE-2025-0252

HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.

CVSS: 2.6 CWE: CWE-319
Read more
Low

CVE-2025-0249

HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token was not invalidated which may allow attackers to access sensitive data without authorization.

CVSS: 3.3 CWE: CWE-287
Read more
2025-07-24
High

CVE-2025-31955

HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.

CVSS: 7.6 CWE: CWE-200
Read more
High

CVE-2025-31952

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.

CVSS: 7.1 CWE: CWE-613
Read more
Critical

CVE-2025-6441

The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a…

CVSS: 9.8 CWE: CWE-862
Read more
Critical

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauth…

CVSS: 10.0 CWE: CWE-552
Read more
Medium

CVE-2025-1299

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that…

CVSS: 4.3 CWE: CWE-862
Read more
Medium

CVE-2025-0765

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom s…

CVSS: 4.3 CWE: CWE-863
Read more
2025-07-23
High

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, coul…

CVSS: 7.5 CWE: CWE-434
Read more
Medium

CVE-2025-40598

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2025-40597

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

CVSS: 7.5 CWE: CWE-122
Read more
High

CVE-2025-40596

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

CVSS: 7.3 CWE: CWE-121
Read more
Critical

CVE-2018-25114

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default,…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug…

CVSS: 9.3 CWE: CWE-78
Read more
High

CVE-2024-12310

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlyi…

CVSS: 7.0 CWE: CWE-287
Read more
Critical

CVE-2025-54455

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVSS: 9.1 CWE: CWE-798
Read more
Critical

CVE-2025-54454

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVSS: 9.1 CWE: CWE-798
Read more
High

CVE-2025-54452

Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVSS: 7.3 CWE: CWE-287
Read more
Medium

CVE-2025-54139

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX…

CVSS: 4.3 CWE: CWE-1021
Read more
2025-07-22
High

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts…

CVSS: 7.3 CWE: CWE-1392
Read more
Medium

CVE-2025-51479

Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/m…

CVSS: 5.4 CWE: CWE-639
Read more
High

CVE-2025-6523

Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated b…

CVSS: 7.7 CWE: CWE-1391
Read more
Critical

CVE-2025-34143

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The…

CVSS: 9.3 CWE: CWE-78
Read more
High

CVE-2025-34140

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass ac…

CVSS: 8.7 CWE: CWE-639
Read more
High

CVE-2025-7692

The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing…

CVSS: 8.1 CWE: CWE-288
Read more
2025-07-21
Critical

CVE-2025-54122

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Des…

CVSS: 10.0 CWE: CWE-918
Read more
Medium

CVE-2025-7938

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads t…

CVSS: 4.3 CWE: CWE-285
Read more
Critical

CVE-2025-52362

Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowi…

CVSS: 9.1 CWE: CWE-918
Read more
Medium

CVE-2025-36057

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is…

CVSS: 5.2 CWE: CWE-299
Read more
Critical

CVE-2020-26799

A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data.

CVSS: 9.8 CWE: CWE-79
Read more
Medium

CVE-2025-52575

EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, una…

CVSS: 6.5 CWE: CWE-90
Read more
Critical

CVE-2025-44654

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the comp…

CVSS: 9.8 CWE: CWE-284
Read more
Low

CVE-2025-44657

In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation,…

CVSS: 3.9 CWE: CWE-284
Read more
Critical

CVE-2025-44655

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use o…

CVSS: 9.8 CWE: CWE-266
Read more
Critical

CVE-2025-46121

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client…

CVSS: 9.8 CWE: CWE-134
Read more
Critical

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface l…

CVSS: 9.8 CWE: CWE-22
Read more
High

CVE-2025-4129

Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.05.2025.

CVSS: 7.5 CWE: CWE-639
Read more
High

CVE-2025-4040

Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic Station Monitoring System: before…

CVSS: 7.1 CWE: CWE-639
Read more
Medium

CVE-2025-2301

Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.This issue affects Online Exam Registration: befor…

CVSS: 4.4 CWE: CWE-639
Read more
Medium

CVE-2025-5681

Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 23.06.2025.

CVSS: 6.5 CWE: CWE-639
Read more
High

CVE-2025-1469

Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11.03.2025.

CVSS: 7.5 CWE: CWE-639
Read more
Critical

CVE-2024-6107

Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresp…

CVSS: 9.6 CWE: CWE-287
Read more
2025-07-20
Medium

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-287
Read more
Medium

CVE-2025-54319

An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose loggi…

CVSS: 6.3 CWE: CWE-532
Read more
Critical

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exis…

CVSS: 9.8 CWE: CWE-502
Read more
2025-07-19
Medium

CVE-2025-6721

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, an…

CVSS: 5.3 CWE: CWE-862
Read more
2025-07-18
Critical

CVE-2025-47158

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CVSS: 9.0 CWE: CWE-302
Read more
Medium

CVE-2024-13175

Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing.This issue affects VOC TESTER: before 12.41.0.

CVSS: 5.5 CWE: CWE-639
Read more
Critical

CVE-2025-7444

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the…

CVSS: 9.8 CWE: CWE-288
Read more
2025-07-17
Medium

CVE-2025-7397

A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user…

CVSS: 6.8 CWE: CWE-312
Read more
High

CVE-2025-6391

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized ac…

CVSS: 7.1 CWE: CWE-532
Read more
Medium

CVE-2025-6249

An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.

CVSS: 6.7 CWE: CWE-602
Read more
Critical

CVE-2025-25257

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2…

CVSS: 9.8 CWE: CWE-89
Read more
2025-07-16
High

CVE-2025-34120

An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup e…

CVSS: 8.7 CWE: CWE-22
Read more
High

CVE-2025-34119

A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 c…

CVSS: 8.8 CWE: CWE-306
Read more
High

CVE-2025-37107

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

CVSS: 7.3 CWE: CWE-287
Read more
High

CVE-2025-37106

An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

CVSS: 7.3 CWE: CWE-287
Read more
High

CVE-2025-53938

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.ph…

CVSS: 7.5 CWE: CWE-306
Read more
Critical

CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the  ciwweb.pl http://ciwweb.pl/  Perl web application. Exploitation allows an unauthe…

CVSS: 10.0 CWE: CWE-20
Read more
Medium

CVE-2025-53758

This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by e…

CVSS: 5.1 CWE: CWE-312
Read more
High

CVE-2025-53756

This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by interceptin…

CVSS: 8.7 CWE: CWE-319
Read more
Medium

CVE-2025-53755

This vulnerability exists in Digisol DG-GR6821AC Router due to storage of credentials and PINS without encryption in the device firmware. An attacker with physical access could exploit this vulnerabi…

CVSS: 5.1 CWE: CWE-312
Read more
Critical

CVE-2025-7673

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-…

CVSS: 9.8 CWE: CWE-120
Read more
Critical

CVE-2025-52689

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the…

CVSS: 9.8 CWE: CWE-384
Read more
2025-07-15
Medium

CVE-2025-30761

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf an…

CVSS: 5.9 CWE: CWE-502
Read more
Medium

CVE-2025-53031

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar…

CVSS: 5.3 CWE: CWE-497
Read more
Medium

CVE-2025-53030

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileg…

CVSS: 6.0 CWE: CWE-269
Read more
Medium

CVE-2025-53026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileg…

CVSS: 6.0 CWE: CWE-269
Read more
Medium

CVE-2025-53025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileg…

CVSS: 6.0 CWE: CWE-269
Read more
Medium

CVE-2025-50107

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnera…

CVSS: 6.1 CWE: CWE-284
Read more
High

CVE-2025-50106

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u4…

CVSS: 8.1 CWE: N/A
Read more
High

CVE-2025-50105

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploit…

CVSS: 8.1 CWE: CWE-284
Read more
Medium

CVE-2025-50073

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily ex…

CVSS: 6.1 CWE: CWE-285
Read more
Medium

CVE-2025-50072

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable…

CVSS: 4.0 CWE: CWE-284
Read more
Medium

CVE-2025-50070

Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low privileged attacker having Authentica…

CVSS: 5.3 CWE: CWE-284
Read more
High

CVE-2025-50069

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker…

CVSS: 7.7 CWE: CWE-269
Read more
Low

CVE-2025-50065

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulne…

CVSS: 3.7 CWE: CWE-269
Read more
High

CVE-2025-50062

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Eas…

CVSS: 8.1 CWE: CWE-269
Read more