Total
1983 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25136 | 2025-12-29 | N/A | 7.5 HIGH | ||
| FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg. | |||||
| CVE-2019-25248 | 2025-12-29 | N/A | 7.5 HIGH | ||
| Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism. | |||||
| CVE-2018-25137 | 2025-12-29 | N/A | 7.5 HIGH | ||
| FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation. | |||||
| CVE-2018-25134 | 2025-12-29 | N/A | 9.8 CRITICAL | ||
| Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management. | |||||
| CVE-2025-3232 | 2025-12-29 | N/A | 7.5 HIGH | ||
| A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands. | |||||
| CVE-2018-25140 | 2025-12-29 | N/A | 7.5 HIGH | ||
| FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication. | |||||
| CVE-2019-25240 | 2025-12-29 | N/A | 9.8 CRITICAL | ||
| Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication. | |||||
| CVE-2023-53970 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters. | |||||
| CVE-2023-53969 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication. | |||||
| CVE-2023-53967 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication. | |||||
| CVE-2023-53968 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | N/A | 9.8 CRITICAL |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication. | |||||
| CVE-2023-7328 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | N/A | 5.3 MEDIUM |
| Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values. | |||||
| CVE-2023-53974 | 1 Dlink | 2 Dsl-124, Dsl-124 Firmware | 2025-12-26 | N/A | 7.5 HIGH |
| D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations. | |||||
| CVE-2023-53896 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-12-24 | N/A | 7.5 HIGH |
| D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script. | |||||
| CVE-2025-52692 | 1 Linksys | 2 E9450-sg, E9450-sg Firmware | 2025-12-23 | N/A | 8.8 HIGH |
| Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials. | |||||
| CVE-2025-14567 | 1 Haxxorsid | 1 Stock-management-system | 2025-12-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3699 | 2025-12-23 | N/A | 9.8 CRITICAL | ||
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information. | |||||
| CVE-2025-7635 | 1 Calix | 1 Calix Gigacenter Ont | 2025-12-22 | N/A | 7.7 HIGH |
| Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | |||||
| CVE-2025-27019 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||
| CVE-2025-27020 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||