Export limit exceeded: 10330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11091 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0543 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 12 more | 2026-01-14 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| CVE-2022-40684 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2026-01-14 | 9.8 Critical |
| An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | ||||
| CVE-2023-28396 | 1 Intel | 2 Jhl8440, Jhl8440 Firmware | 2026-01-14 | 6.1 Medium |
| Improper access control in firmware for some Intel(R) Thunderbol(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. | ||||
| CVE-2023-31189 | 1 Intel | 54 Openbmc, Xeon Bronze 3408u, Xeon Gold 5403n and 51 more | 2026-01-14 | 5.2 Medium |
| Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access. | ||||
| CVE-2023-35121 | 1 Intel | 17 Advisor, Cluster Checker, Distribution For Python and 14 more | 2026-01-14 | 7.8 High |
| Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-69273 | 3 Broadcom, Linux, Microsoft | 3 Dx Netops Spectrum, Linux Kernel, Windows | 2026-01-14 | 7.5 High |
| Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. | ||||
| CVE-2023-44248 | 1 Fortinet | 2 Fortiedr, Fortiedrcollectorwindows | 2026-01-14 | 4 Medium |
| An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | ||||
| CVE-2025-54822 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-01-14 | 4.2 Medium |
| An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests. | ||||
| CVE-2025-53845 | 1 Fortinet | 1 Fortianalyzer | 2026-01-14 | 6.2 Medium |
| An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests. | ||||
| CVE-2025-59810 | 1 Fortinet | 3 Fortisoar, Fortisoaron-premise, Fortisoarpaas | 2026-01-14 | 6.2 Medium |
| An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests | ||||
| CVE-2025-59923 | 1 Fortinet | 1 Fortiauthenticator | 2026-01-14 | 2.6 Low |
| An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests. | ||||
| CVE-2021-33044 | 1 Dahuasecurity | 38 Ipc-hum7xxx, Ipc-hum7xxx Firmware, Ipc-hx3xxx and 35 more | 2026-01-13 | 9.8 Critical |
| The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. | ||||
| CVE-2021-33045 | 1 Dahuasecurity | 36 Ipc-hum7xxx, Ipc-hum7xxx Firmware, Ipc-hx3xxx and 33 more | 2026-01-13 | 9.8 Critical |
| The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. | ||||
| CVE-2025-65925 | 1 Zeroheight | 1 Zeroheight | 2026-01-13 | 6.5 Medium |
| An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification controls and allowed unintended account creation. This could have enabled spam/fake account creation or resource usage impact. No data exposure or unauthorized access to existing accounts was reported. | ||||
| CVE-2025-67070 | 2026-01-13 | 8.2 High | ||
| A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the administrative panel. | ||||
| CVE-2025-15069 | 1 Gmission | 1 Web Fax | 2026-01-13 | 7.1 High |
| Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1 | ||||
| CVE-2023-33947 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-13 | 2.7 Low |
| The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | ||||
| CVE-2023-33946 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-13 | 2.7 Low |
| The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. | ||||
| CVE-2025-69197 | 1 Pterodactyl | 1 Panel | 2026-01-12 | 6.5 Medium |
| Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This allows an attacker who intercepts that token to use it in addition to a known username/password during the 60-second token validity window. The attacker must have intercepted a valid 2FA token (for example, during a screen share). This issue is fixed in version 1.12.0. | ||||
| CVE-2026-21694 | 1 Kromit | 1 Titra | 2026-01-12 | 6.8 Medium |
| Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50. | ||||