Total: 507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2807 | 1 Pandorafms | 1 Pandora Fms | 2025-01-03 | 6.4 Medium |
| Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms. | ||||
| CVE-2022-36331 | 1 Westerndigital | 24 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 21 more | 2025-01-03 | 10 Critical |
| Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | ||||
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | 6.5 Medium |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | 7.5 High |
| Windows CryptoAPI Spoofing Vulnerability | ||||
| CVE-2022-26910 | 1 Microsoft | 1 Skype For Business Server | 2025-01-02 | 5.3 Medium |
| Skype for Business and Lync Spoofing Vulnerability | ||||
| CVE-2024-13061 | | | 2025-01-02 | 9.8 Critical |
| The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system. | ||||
| CVE-2024-54450 | | | 2024-12-28 | 9.4 Critical |
| An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP address can later be displayed in the My Account popup that shows the IP address that was used to log in. | ||||
| CVE-2024-55470 | | | 2024-12-20 | 7.5 High |
| Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication. | ||||
| CVE-2023-34157 | 1 Huawei | 1 Harmonyos | 2024-12-17 | 10 Critical |
| Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. | ||||
| CVE-2022-48469 | 1 Huawei | 2 B535-232a, B535-232a Firmware | 2024-12-17 | 6.5 Medium |
| There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | ||||
| CVE-2024-28228 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 5.3 Medium |
| In JetBrains YouTrack before 2024.1.25893, creating comments on behalf of an arbitrary user in HelpDesk was possible. | ||||
| CVE-2023-34167 | 1 Huawei | 1 Emui | 2024-12-12 | 5.3 Medium |
| Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | ||||
| CVE-2023-34160 | 1 Huawei | 1 Emui | 2024-12-12 | 5.3 Medium |
| Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | ||||
| CVE-2023-34158 | 1 Huawei | 1 Emui | 2024-12-12 | 5.3 Medium |
| Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | ||||
| CVE-2023-27964 | 1 Apple | 1 Airpods Firmware | 2024-12-05 | 5.4 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. | ||||
| CVE-2024-22457 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | 7.1 High |
| Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. | ||||
| CVE-2023-27199 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-12-04 | 6.7 Medium |
| PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | ||||
| CVE-2024-50380 | 1 Snapone | 1 Orvc | 2024-12-02 | N/A |
| Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. | ||||
| CVE-2023-29147 | 1 Malwarebytes | 2 Endpoint Detection And Response, Malwarebytes | 2024-11-26 | 5.5 Medium |
| In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | ||||
| CVE-2023-22814 | 1 Westerndigital | 12 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 9 more | 2024-11-26 | 10 Critical |
| An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | ||||