Search Results (4513 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39219 1 Xbifrost 1 Bifrost 2025-04-22 8.5 High
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.
CVE-2022-39289 1 Zoneminder 1 Zoneminder 2025-04-22 9.1 Critical
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.
CVE-2022-39290 1 Zoneminder 1 Zoneminder 2025-04-22 8 High
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-25685 1 Qualcomm 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more 2025-04-22 7.5 High
Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25667 1 Qualcomm 138 Ar9380, Ar9380 Firmware, Csr8811 and 135 more 2025-04-22 7.5 High
Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking
CVE-2022-47408 1 Fp Newsletter Project 1 Fp Newsletter 2025-04-21 9.1 Critical
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
CVE-2022-23501 1 Typo3 1 Typo3 2025-04-21 5.9 Medium
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CVE-2025-30287 1 Adobe 1 Coldfusion 2025-04-21 8.2 High
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.
CVE-2022-2503 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-21 6.9 Medium
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
CVE-2015-6817 1 Pgbouncer 1 Pgbouncer 2025-04-20 N/A
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
CVE-2017-13983 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
CVE-2015-8308 1 Lxdm Project 1 Lxdm 2025-04-20 N/A
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
CVE-2017-10817 1 Intercom 1 Malion 2025-04-20 9.8 Critical
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.
CVE-2017-10796 1 Tp-link 2 Nc250, Nc250 Firmware 2025-04-20 6.5 Medium
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
CVE-2017-10709 2 Elephone, Google 2 P9000, Android 2025-04-20 N/A
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
CVE-2017-16566 1 Qacctv 2 Jooan A5 Ip Camera, Jooan A5 Ip Camera Firmware 2025-04-20 9.8 Critical
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.
CVE-2016-1502 1 Netapp 1 Snapcenter Server 2025-04-20 N/A
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
CVE-2016-4460 1 Apache 1 Pony Mail 2025-04-20 N/A
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
CVE-2016-3176 1 Saltstack 1 Salt 2025-04-20 N/A
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
CVE-2016-5410 2 Firewalld, Redhat 6 Firewalld, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-20 N/A
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.