Total
1463 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7125 | 2 Hitachi, Linux | 2 Ops Center Common Services, Linux Kernel | 2025-01-21 | N/A | 7.8 HIGH |
| Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | |||||
| CVE-2025-0355 | 2025-01-21 | N/A | 7.5 HIGH | ||
| Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. | |||||
| CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2025-01-17 | N/A | 9.8 CRITICAL |
| Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | |||||
| CVE-2024-11639 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | N/A | 10.0 CRITICAL |
| An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | |||||
| CVE-2024-12757 | 2025-01-17 | N/A | 8.6 HIGH | ||
| Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | |||||
| CVE-2024-9137 | 2025-01-17 | N/A | 9.4 CRITICAL | ||
| The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | |||||
| CVE-2023-33247 | 1 Talend | 1 Data Catalog | 2025-01-16 | N/A | 7.5 HIGH |
| Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) | |||||
| CVE-2023-31594 | 1 Ic | 2 Realtime Icip-p2012t, Realtime Icip-p2012t Firmware | 2025-01-16 | N/A | 7.5 HIGH |
| IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | |||||
| CVE-2025-0456 | 2025-01-16 | N/A | 9.8 CRITICAL | ||
| The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords. | |||||
| CVE-2023-31227 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
| The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. | |||||
| CVE-2023-0116 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
| The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-3661 | 9 Apple, Cisco, Citrix and 6 more | 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more | 2025-01-15 | N/A | 7.6 HIGH |
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | |||||
| CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A | 7.4 HIGH |
| Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2024-39773 | 2025-01-14 | N/A | 5.3 MEDIUM | ||
| An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2024-39608 | 2025-01-14 | N/A | 10.0 CRITICAL | ||
| A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. | |||||
| CVE-2024-39273 | 2025-01-14 | N/A | 9.0 CRITICAL | ||
| A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2022-36249 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.4 MEDIUM |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. | |||||
| CVE-2024-26235 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-13185 | 2025-01-08 | N/A | 7.5 HIGH | ||
| The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
| CVE-2024-13173 | 2025-01-08 | N/A | 7.5 HIGH | ||
| The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||