An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVE-2025-4427 - An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. ...
1 month ago CVE-2025-4428
CVE-2007-4427 - Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to ...
16 years ago
CVE-2012-4427 - The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. ...
12 years ago
CVE-2013-4427 - pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the ...
1 year ago
CVE-2010-4427 - Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. ...
7 years ago
CVE-2014-4427 - App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. ...
7 years ago
CVE-2008-4427 - changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. ...
7 years ago
CVE-2006-4427 - index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". ...
7 years ago
CVE-2015-4427 - Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ...
6 years ago
CVE-2005-4427 - Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in ...
6 years ago
CVE-2018-4427 - A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update ...
6 years ago
CVE-2019-4427 - IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773. ...
5 years ago
CVE-2009-4427 - Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. ...
4 years ago
CVE-2020-4427 - IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this ...
2 years ago
CVE-2016-4427 - In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. ...
2 years ago
CVE-2021-4427 - The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the ...
1 year ago
CVE-2022-4427 - Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice ...
1 year ago
CVE-2023-4427 - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) ...
1 year ago
CVE-2011-4427 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none ...
55 years ago Tenable.com
CVE-2017-4427 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-4427 - The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, ...
1 year ago