Total
1544 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30111 | 2025-03-24 | N/A | 7.5 HIGH | ||
| On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication. | |||||
| CVE-2022-48300 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48289 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48288 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-31266 | 1 Ilias | 1 Ilias | 2025-03-20 | 7.5 HIGH | 4.3 MEDIUM |
| In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | |||||
| CVE-2024-48791 | 2025-03-19 | N/A | 7.5 HIGH | ||
| An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-50630 | 2025-03-19 | N/A | 7.5 HIGH | ||
| Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. | |||||
| CVE-2022-47703 | 1 Tianjie | 2 Cpe906-3, Cpe906-3 Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. | |||||
| CVE-2022-45551 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | |||||
| CVE-2022-44216 | 1 Sir | 1 Gnuboard | 2025-03-18 | N/A | 7.5 HIGH |
| Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. | |||||
| CVE-2024-21006 | 1 Oracle | 1 Weblogic Server | 2025-03-18 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2023-23453 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 1 more | 2025-03-18 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2023-23452 | 1 Sick | 4 Fx0-gpnt00000, Fx0-gpnt00000 Firmware, Fx0-gpnt00010 and 1 more | 2025-03-18 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2024-23943 | 2025-03-18 | N/A | 9.1 CRITICAL | ||
| An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected. | |||||
| CVE-2025-21524 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | N/A | 9.8 CRITICAL |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2025-21515 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | N/A | 8.8 HIGH |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-10148 | 1 Solarwinds | 1 Orion Platform | 2025-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. | |||||
| CVE-2024-21014 | 1 Oracle | 1 Hospitality Simphony | 2025-03-17 | N/A | 9.8 CRITICAL |
| Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2023-4699 | 1 Mitsubishielectric | 432 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 429 more | 2025-03-17 | N/A | 10.0 CRITICAL |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely. | |||||
| CVE-2025-2344 | 2025-03-16 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||