Export limit exceeded: 29925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3295 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53782 | 1 Microsoft | 4 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 1 more | 2026-02-22 | 8.4 High |
| Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2024-3281 | 1 Hp | 6 Poly Ccx 350, Poly Ccx 400, Poly Ccx 500 and 3 more | 2026-02-20 | 8.8 High |
| A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. | ||||
| CVE-2025-70146 | 1 Projectworlds | 1 Online Time Table Generator | 2026-02-20 | 9.1 Critical |
| Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session. | ||||
| CVE-2025-70147 | 1 Projectworlds | 1 Online Time Table Generator | 2026-02-20 | 7.5 High |
| Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session. | ||||
| CVE-2024-22449 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.6 Medium |
| Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | ||||
| CVE-2025-14038 | 1 Enterprisedb | 1 Hybrid Manager | 2026-02-18 | 7 High |
| EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been remediated in EDB Hybrid Manager 1.3.3, and customers should consider upgrading to 1.3.3 as soon as possible. The flaw is due to a misconfiguration in the Istio Gateway, which manages authentication and authorization for the affected endpoints. The security policy relies on an explicit definition of required permissions in the Istio Gateway configuration, and the affected endpoints were not defined in the configuration. This allowed requests to bypass both authentication and authorization within a Hybrid Manager service. All versions of Hybrid Manager - LTS should be upgraded to 1.3.3, and all versions of Hybrid Manager - Innovation should be upgraded to 2025.12. | ||||
| CVE-2024-50618 | 1 Cipplanner | 1 Cipace | 2026-02-17 | 4.3 Medium |
| A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full authentication if the secret in a single-factor authentication scheme gets compromised. | ||||
| CVE-2025-21311 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows Server 2022 23h2 and 2 more | 2026-02-13 | 9.8 Critical |
| Windows NTLM V1 Elevation of Privilege Vulnerability | ||||
| CVE-2025-21355 | 1 Microsoft | 1 Bing | 2026-02-13 | 8.6 High |
| Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network | ||||
| CVE-2025-48814 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-02-13 | 7.5 High |
| Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-66489 | 1 Cal | 1 Cal.com | 2026-02-13 | 9.8 Critical |
| Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8. | ||||
| CVE-2025-52024 | 1 Aptsys | 2 Gemscms Backend, Pos Platform Web Services | 2026-02-11 | 9.4 Critical |
| A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries. | ||||
| CVE-2025-67853 | 1 Moodle | 1 Moodle | 2026-02-11 | 7.5 High |
| A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts. | ||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2026-02-10 | 8.1 High |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2025-27456 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | 7.5 High |
| The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||
| CVE-2025-27449 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | 7.5 High |
| The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||
| CVE-2025-1710 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | 7.5 High |
| The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||
| CVE-2025-5192 | 1 Scshr | 1 Hr Portal | 2026-02-04 | 7.5 High |
| A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions. | ||||
| CVE-2025-3646 | 1 Petlibro | 2 Petlibro, Smart Pet Feeder Platform | 2026-02-03 | 7.3 High |
| Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation. | ||||
| CVE-2025-49186 | 2 Avaya, Sick | 6 Media Server, Baggage Analytics, Field Analytics and 3 more | 2026-02-03 | 5.3 Medium |
| The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||