Export limit exceeded: 34836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3109 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20857 | 1 Vmware | 1 Workspace One Content | 2025-03-10 | 6.8 Medium |
| VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | ||||
| CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2025-03-07 | 8.8 High |
| SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | ||||
| CVE-2023-29005 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 7.5 High |
| Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. | ||||
| CVE-2025-1714 | 2025-03-07 | N/A | ||
| Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server | ||||
| CVE-2023-22101 | 1 Oracle | 1 Weblogic Server | 2025-03-06 | 8.1 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2023-22072 | 1 Oracle | 1 Weblogic Server | 2025-03-06 | 9.8 Critical |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2023-22069 | 1 Oracle | 1 Weblogic Server | 2025-03-06 | 9.8 Critical |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-31525 | 2025-03-06 | 7.2 High | ||
| Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result, for example, in creating a new admin user in the system which enables persistent access for the attacker as an administrator. | ||||
| CVE-2023-26476 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 7.5 High |
| XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`. | ||||
| CVE-2023-29301 | 1 Adobe | 1 Coldfusion | 2025-03-05 | 7.5 High |
| Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction. | ||||
| CVE-2020-26942 | 1 Axigen | 1 Axigen Mail Server | 2025-03-05 | 9.1 Critical |
| An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account. | ||||
| CVE-2023-27290 | 1 Ibm | 1 Observability With Instana | 2025-03-05 | 9.1 Critical |
| Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. | ||||
| CVE-2025-24924 | 2025-03-05 | 9.8 Critical | ||
| Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username | ||||
| CVE-2025-24865 | 1 Myscada | 1 Mypro | 2025-03-04 | 10 Critical |
| The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | ||||
| CVE-2023-21743 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 5.3 Medium |
| Microsoft SharePoint Server Security Feature Bypass Vulnerability | ||||
| CVE-2023-1307 | 1 Froxlor | 1 Froxlor | 2025-02-28 | 9.8 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | ||||
| CVE-2023-40598 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 8.5 High |
| In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. | ||||
| CVE-2023-3669 | 1 Codesys | 1 Development System | 2025-02-27 | 3.3 Low |
| A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | ||||
| CVE-2023-37373 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-27 | 5.3 Medium |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system. | ||||
| CVE-2023-21709 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 9.8 Critical |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||