Total
1562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25013 | 1 In2code | 1 Femanager | 2025-03-26 | N/A | 8.6 HIGH |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. | |||||
| CVE-2021-37234 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2025-03-26 | N/A | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | |||||
| CVE-2024-21183 | 1 Oracle | 1 Weblogic Server | 2025-03-26 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2024-23783 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-25 | N/A | 8.8 HIGH |
| Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | |||||
| CVE-2022-45190 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2025-03-25 | N/A | 5.3 MEDIUM |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. | |||||
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2025-03-25 | N/A | 9.8 CRITICAL |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | |||||
| CVE-2022-48299 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2025-30111 | 2025-03-24 | N/A | 7.5 HIGH | ||
| On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication. | |||||
| CVE-2022-48300 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48289 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48288 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-31266 | 1 Ilias | 1 Ilias | 2025-03-20 | 7.5 HIGH | 4.3 MEDIUM |
| In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | |||||
| CVE-2024-48791 | 2025-03-19 | N/A | 7.5 HIGH | ||
| An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-50630 | 2025-03-19 | N/A | 7.5 HIGH | ||
| Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. | |||||
| CVE-2022-47703 | 1 Tianjie | 2 Cpe906-3, Cpe906-3 Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. | |||||
| CVE-2022-45551 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | |||||
| CVE-2022-44216 | 1 Sir | 1 Gnuboard | 2025-03-18 | N/A | 7.5 HIGH |
| Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. | |||||
| CVE-2024-21006 | 1 Oracle | 1 Weblogic Server | 2025-03-18 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2023-23453 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 1 more | 2025-03-18 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2023-23452 | 1 Sick | 4 Fx0-gpnt00000, Fx0-gpnt00000 Firmware, Fx0-gpnt00010 and 1 more | 2025-03-18 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||