CVEs tagged with this topic.

2025-07-15
High

CVE-2025-50060

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulner…

High

CVE-2025-50059

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java…

High

CVE-2025-30762

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable…

Medium

CVE-2025-30759

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12…

Medium

CVE-2025-30758

Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthe…

Medium

CVE-2025-30756

Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network acce…

Medium

CVE-2025-30754

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8…

Low

CVE-2025-30752

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK…

High

CVE-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u4…

Medium

CVE-2025-30748

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitabl…

Medium

CVE-2025-30747

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitabl…

Medium

CVE-2025-30746

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows una…

Medium

CVE-2025-30745

Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.12-12.2.13. Easily exploit…

High

CVE-2025-30744

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitabl…

High

CVE-2025-30743

Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations). The supported version that is affected is 12.2.13. Easily exploitable v…

Critical

CVE-2025-52376

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet…

Critical

CVE-2025-34105

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on…

Critical

CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functiona…

Medium

CVE-2025-53889

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whethe…

Medium

CVE-2025-53887

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as…

2025-07-14
High

CVE-2025-53623

The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class.…

High

CVE-2024-51767

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

High

CVE-2025-1384

Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this…

2025-07-12
Critical

CVE-2023-38036

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary co…

2025-07-11
Medium

CVE-2025-47963

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

High

CVE-2025-52983

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Rou…

Medium

CVE-2025-52958

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (D…

Medium

CVE-2025-52955

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a mem…

Medium

CVE-2025-30026

The AXIS Camera Station Server had a flaw that allowed bypassing the authentication that is normally required.

Medium

CVE-2025-5241

Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain per…

2025-07-10
Critical

CVE-2025-34102

A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticat…

Critical

CVE-2025-34095

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker ca…

High

CVE-2025-34093

An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized…

High

CVE-2025-53378

A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affec…

Medium

CVE-2025-49463

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

High

CVE-2025-46788

Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.

2025-07-09
High

CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitra…

High

CVE-2025-52364

Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote att…

Critical

CVE-2025-4855

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to…

2025-07-08
High

CVE-2025-49753

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49740

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

High

CVE-2025-49739

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

High

CVE-2025-49729

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49724

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49721

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

High

CVE-2025-49719

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

High

CVE-2025-49718

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

High

CVE-2025-49716

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

High

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.

High

CVE-2025-49711

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

High

CVE-2025-49705

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

High

CVE-2025-49703

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-49702

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49700

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-49699

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49698

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-49697

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49696

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49695

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49691

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

High

CVE-2025-49690

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges loca…

High

CVE-2025-49689

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

High

CVE-2025-49688

Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49683

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-49681

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

High

CVE-2025-49676

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49674

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49673

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49672

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Medium

CVE-2025-49671

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Medium

CVE-2025-49670

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49669

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49668

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49663

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-49657

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-48824

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Medium

CVE-2025-48823

Cryptographic issues in Windows Cryptographic Services allow an unauthorized attacker to disclose information over a network.

High

CVE-2025-48822

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-48818

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

High

CVE-2025-48817

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

High

CVE-2025-48814

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Medium

CVE-2025-48812

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Medium

CVE-2025-48804

Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Medium

CVE-2025-48800

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Medium

CVE-2025-48003

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Medium

CVE-2025-48001

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

High

CVE-2025-47998

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

High

CVE-2025-47994

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

High

CVE-2025-47988

Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.

High

CVE-2025-47984

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Critical

CVE-2025-47981

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Medium

CVE-2025-47980

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

High

CVE-2025-47973

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

High

CVE-2025-47971

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

High

CVE-2025-33054

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

High

CVE-2025-7326

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft…

Medium

CVE-2024-55599

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and be…

2025-07-07
Medium

CVE-2025-20322

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a sp…

Medium

CVE-2025-20321

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a speci…

High

CVE-2025-6713

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may…

2025-07-04
Critical

CVE-2025-48952

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic ha…

2025-07-01
Medium

CVE-2025-6920

A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invoca…

Medium

CVE-2025-36582

Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access co…

2025-06-26
Critical

CVE-2015-0842

yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.

Medium

CVE-2025-6675

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from…

2025-06-25
Medium

CVE-2025-49550

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attack…

Low

CVE-2025-49549

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-pr…

Critical

CVE-2025-49153

The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.

Critical

CVE-2025-49151

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Critical

CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target devi…

Medium

CVE-2024-51977

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information…

2025-06-21
Critical

CVE-2025-6216

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authenti…

2025-06-20
Critical

CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.ph…

High

CVE-2025-3319

IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources.

Medium

CVE-2025-6329

A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component Us…

High

CVE-2025-49715

Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.

2025-06-18
Critical

CVE-2025-45784

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware ima…

2025-06-16
High

CVE-2025-49125

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possib…

2025-06-11
Critical

CVE-2025-32711

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
