| 2025-02-28 | CVE-2025-0159 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. network low complexity CWE-288 critical | 9.1 |
| 2025-02-27 | CVE-2025-1717 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Pluginly Login ME NOW
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. | 8.1 |
| 2025-02-13 | CVE-2025-1283 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dingtian-Tech products
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | 9.8 |
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. network low complexity CWE-288 critical | 9.8 |
| 2025-02-11 | CVE-2025-24472 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Fortinet Fortios and Fortiproxy
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | 9.8 |
| 2025-02-11 | CVE-2025-0181 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. network low complexity CWE-288 critical | 9.8 |
| 2025-02-08 | CVE-2025-0316 | The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. network low complexity CWE-288 critical | 9.8 |
| 2025-02-07 | CVE-2025-1061 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. network low complexity CWE-288 critical | 9.8 |
| 2025-01-07 | CVE-2024-12402 | The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. network low complexity CWE-288 critical | 9.8 |
| 2024-12-21 | CVE-2024-11349 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. network low complexity CWE-288 critical | 9.8 |