Total
456 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1347 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. | ||||
| CVE-2021-27853 | 3 Cisco, Ieee, Ietf | 308 Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l, Catalyst 3650-12x48fd-s and 305 more | 2025-05-21 | 4.7 Medium |
| Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | ||||
| CVE-2025-1104 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2025-05-21 | 7.3 High |
| A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-27862 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-05-21 | 4.7 Medium |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). | ||||
| CVE-2021-27861 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-05-21 | 4.7 Medium |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) | ||||
| CVE-2021-27854 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-05-21 | 4.7 Medium |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. | ||||
| CVE-2025-48027 | 2025-05-16 | 5.4 Medium | ||
| The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver. | ||||
| CVE-2024-22520 | 1 Dronetag | 1 Drone Scanner | 2025-05-15 | 8.2 High |
| An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. | ||||
| CVE-2022-0030 | 1 Paloaltonetworks | 1 Pan-os | 2025-05-15 | 8.1 High |
| An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | ||||
| CVE-2024-13685 | 1 Wpase | 1 Admin And Site Enhancements | 2025-05-14 | 5.3 Medium |
| The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10. | ||||
| CVE-2024-31008 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | 6.5 Medium |
| An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. | ||||
| CVE-2025-24091 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-12 | 5.5 Medium |
| An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service. | ||||
| CVE-2025-28128 | 1 Mytel | 1 Telecom Online Account System | 2025-05-12 | 7 High |
| An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request. | ||||
| CVE-2022-42983 | 1 Anji-plus | 1 Aj-report | 2025-05-10 | 8.8 High |
| anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | ||||
| CVE-2023-49794 | 1 Kernelsu | 1 Kernelsu | 2025-05-09 | 6.7 Medium |
| KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available. | ||||
| CVE-2024-58126 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | 8.4 High |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-58127 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | 8.4 High |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2025-31170 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | 8.4 High |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-58125 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | 8.4 High |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-58124 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | 8.4 High |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||