Total
1566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31227 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
| The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. | |||||
| CVE-2023-0116 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
| The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-3661 | 9 Apple, Cisco, Citrix and 6 more | 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more | 2025-01-15 | N/A | 7.6 HIGH |
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | |||||
| CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A | 7.4 HIGH |
| Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2022-36249 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.4 MEDIUM |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. | |||||
| CVE-2024-26235 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-13185 | 2025-01-08 | N/A | 7.5 HIGH | ||
| The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
| CVE-2024-13173 | 2025-01-08 | N/A | 7.5 HIGH | ||
| The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
| CVE-2024-13186 | 2025-01-08 | N/A | 7.5 HIGH | ||
| The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
| CVE-2025-21623 | 2025-01-07 | N/A | 7.5 HIGH | ||
| ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | |||||
| CVE-2024-54984 | 2025-01-07 | N/A | 9.8 CRITICAL | ||
| An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier. | |||||
| CVE-2023-33553 | 1 Planet | 2 Wdrt-1800ax, Wdrt-1800ax Firmware | 2025-01-07 | N/A | 9.8 CRITICAL |
| An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. | |||||
| CVE-2024-12106 | 1 Progress | 1 Whatsup Gold | 2025-01-06 | N/A | 9.4 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | |||||
| CVE-2023-31196 | 1 Inaba | 16 Ac-pd-wapu, Ac-pd-wapu-p, Ac-pd-wapu-p Firmware and 13 more | 2025-01-03 | N/A | 7.5 HIGH |
| Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier | |||||
| CVE-2023-30762 | 1 Kbdevice | 12 Kb-ahr04d, Kb-ahr04d Firmware, Kb-ahr08d and 9 more | 2025-01-03 | N/A | 9.8 CRITICAL |
| Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | |||||
| CVE-2023-27357 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 6.5 MEDIUM |
| NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise. Was ZDI-CAN-19608. | |||||
| CVE-2024-55538 | 2025-01-02 | N/A | 4.0 MEDIUM | ||
| Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736. | |||||
| CVE-2024-54983 | 2024-12-31 | N/A | 9.8 CRITICAL | ||
| An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. | |||||
| CVE-2024-56799 | 2024-12-30 | N/A | 10.0 CRITICAL | ||
| Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7. | |||||
| CVE-2023-27396 | 1 Omron | 542 Cj2h-cpu64, Cj2h-cpu64-eip, Cj2h-cpu64-eip Firmware and 539 more | 2024-12-24 | N/A | 9.8 CRITICAL |
| FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later) | |||||