Total: 2287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6406 | | | 2026-06-17 | N/A | N/A |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0. | |||||
| CVE-2024-6347 | 1 Nissan-global | 2 Altima, Blind Spot Detection Sensor Ecu Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| * Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. | |||||
| CVE-2024-5952 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174. | |||||
| CVE-2024-5951 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173. | |||||
| CVE-2024-5947 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. | |||||
| CVE-2024-5910 | 1 Paloaltonetworks | 1 Expedition | 2026-06-17 | N/A | 9.8 CRITICAL |
| Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue. | |||||
| CVE-2024-5749 | 1 Hp | 30 1jl02b, 1jl02b Firmware, F9a29a and 27 more | 2026-06-17 | N/A | 7.5 HIGH |
| Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials. | |||||
| CVE-2024-5721 | 1 Logsign | 1 Unified Secops Platform | 2026-06-17 | N/A | 8.1 HIGH |
| Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169. | |||||
| CVE-2024-5718 | 1 Logsign | 1 Unified Secops Platform | 2026-06-17 | N/A | 8.1 HIGH |
| Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166. | |||||
| CVE-2024-5143 | 1 Hp | 16 W1a75a, W1a75a Firmware, W1a76a and 13 more | 2026-06-17 | N/A | 6.8 MEDIUM |
| A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. | |||||
| CVE-2024-58336 | 1 Akuvox | 24 C313w-2, C313w-2 Firmware, Nc-2 and 21 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices. | |||||
| CVE-2024-58300 | | | 2026-06-17 | N/A | N/A |
| Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device. | |||||
| CVE-2024-57725 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint. | |||||
| CVE-2024-57055 | | | 2026-06-17 | N/A | 5.0 MEDIUM |
| Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit. | |||||
| CVE-2024-56799 | | | 2026-06-17 | N/A | 10.0 CRITICAL |
| Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7. | |||||
| CVE-2024-56469 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2026-06-17 | N/A | 6.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | |||||
| CVE-2024-55585 | | | 2026-06-17 | N/A | N/A |
| In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword. | |||||
| CVE-2024-55538 | | | 2026-06-17 | N/A | 4.0 MEDIUM |
| Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2024-54984 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier. | |||||
| CVE-2024-54983 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. | |||||
