Total
1681 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10672 | 2025-09-19 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. The exploit has been made public and could be used. | |||||
| CVE-2025-56405 | 1 Litmus | 1 Mcp Server | 2025-09-17 | N/A | 7.5 HIGH |
| An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol. | |||||
| CVE-2025-5715 | 1 Signal | 1 Signal | 2025-09-17 | 3.5 LOW | 3.8 LOW |
| A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7970 | 1 Rockwellautomation | 1 Factorytalk Activation Manager | 2025-09-17 | N/A | 7.5 HIGH |
| A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. | |||||
| CVE-2025-9971 | 2025-09-17 | N/A | 9.8 CRITICAL | ||
| Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality. | |||||
| CVE-2025-34069 | 1 Gfi | 1 Kerio Control | 2025-09-17 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance. | |||||
| CVE-2025-34070 | 1 Gfi | 1 Kerio Control | 2025-09-17 | N/A | 9.8 CRITICAL |
| A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs. | |||||
| CVE-2025-34071 | 1 Gfi | 1 Kerio Control | 2025-09-17 | N/A | 9.8 CRITICAL |
| A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity, and are executed by the system post-upload, enabling root access. | |||||
| CVE-2024-12511 | 2025-09-17 | N/A | 7.6 HIGH | ||
| With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. | |||||
| CVE-2025-34079 | 1 Nsclient | 1 Nsclient\+\+ | 2025-09-16 | N/A | 7.8 HIGH |
| An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as external scripts via the /settings/query.json API, save the configuration, and trigger the script via the /query/{name} endpoint. The injected commands are executed with SYSTEM privileges, enabling full remote compromise. This capability is an intended feature, but the lack of safeguards or privilege separation makes it risky when exposed to untrusted actors. | |||||
| CVE-2025-25224 | 1 Luxsoft | 1 Luxcal Web Calendar | 2025-09-15 | N/A | 7.5 HIGH |
| The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained. | |||||
| CVE-2025-9214 | 2025-09-15 | N/A | 5.4 MEDIUM | ||
| A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service. | |||||
| CVE-2025-10452 | 2025-09-15 | N/A | 9.8 CRITICAL | ||
| Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges. | |||||
| CVE-2025-10204 | 2025-09-15 | N/A | N/A | ||
| A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions. | |||||
| CVE-2025-10267 | 2025-09-15 | N/A | 5.3 MEDIUM | ||
| NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side. | |||||
| CVE-2025-8627 | 1 Tp-link | 2 Kp303, Kp303 Firmware | 2025-09-15 | N/A | 8.8 HIGH |
| The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0. | |||||
| CVE-2025-55581 | 1 Dlink | 2 Dcs-825l, Dcs-825l Firmware | 2025-09-12 | N/A | 7.3 HIGH |
| D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic. | |||||
| CVE-2025-7635 | 2025-09-12 | N/A | N/A | ||
| Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | |||||
| CVE-2025-36756 | 2025-09-11 | N/A | N/A | ||
| A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known. | |||||
| CVE-2025-36757 | 2025-09-11 | N/A | N/A | ||
| It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system. | |||||