Total
2287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6718 | 1 Europeana | 1 Repox | 2026-06-17 | N/A | 9.4 CRITICAL |
| An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users. | |||||
| CVE-2023-6595 | 1 Progress | 1 Whatsup Gold | 2026-06-17 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. | |||||
| CVE-2023-6368 | 1 Progress | 1 Whatsup Gold | 2026-06-17 | N/A | 5.9 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. | |||||
| CVE-2023-6221 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2026-06-17 | N/A | 7.7 HIGH |
| The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others, is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more. | |||||
| CVE-2023-6215 | | | 2026-06-17 | N/A | N/A |
| A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to mitigate the potential vulnerability. | |||||
| CVE-2023-5935 | | | 2026-06-17 | N/A | 7.4 HIGH |
| When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. This web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed. | |||||
| CVE-2023-5881 | 1 Geniecompany | 2 Aladdin Connect Garage Door Opener, Aladdin Connect Garage Door Opener Firmware | 2026-06-17 | N/A | 8.2 HIGH |
| Unauthenticated access is permitted to the "Garage Door Control Module Setup" web interface page of The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM), allowing modification of the garage door's SSID settings. | |||||
| CVE-2023-5716 | 1 Asus | 1 Armoury Crate | 2026-06-17 | N/A | 9.8 CRITICAL |
| ASUS Armoury Crate has an arbitrary file write vulnerability that allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. | |||||
| CVE-2023-5376 | 1 Korenix | 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more | 2026-06-17 | N/A | 8.6 HIGH |
| An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | |||||
| CVE-2023-5253 | 1 Nozominetworks | 2 Cmc, Guardian | 2026-06-17 | N/A | 5.3 MEDIUM |
| A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain asset data without authentication. Malicious unauthenticated users with knowledge of the underlying system may be able to extract limited asset information. | |||||
| CVE-2023-54335 | 1 Extplorer | 1 Extplorer | 2026-06-17 | N/A | 9.8 CRITICAL |
| eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system. | |||||
| CVE-2023-53974 | 1 Dlink | 2 Dsl-124, Dsl-124 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations. | |||||
| CVE-2023-53970 | 1 Dbbroadcast | 2 Sft Dab 600/c, Sft Dab 600/c Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters. | |||||
| CVE-2023-53969 | 1 Dbbroadcast | 2 Sft Dab 600/c, Sft Dab 600/c Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication. | |||||
| CVE-2023-53968 | 1 Dbbroadcast | 2 Sft Dab 600/c, Sft Dab 600/c Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication. | |||||
| CVE-2023-53967 | 1 Dbbroadcast | 2 Sft Dab 600/c, Sft Dab 600/c Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication. | |||||
| CVE-2023-53964 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control. | |||||
| CVE-2023-53896 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script. | |||||
| CVE-2023-53774 | 1 Minidvblinux | 1 Minidvblinux | 2026-06-17 | N/A | 9.8 CRITICAL |
| MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely. | |||||
| CVE-2023-53773 | 1 Minidvblinux | 1 Minidvblinux | 2026-06-17 | N/A | 5.3 MEDIUM |
| MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication. | |||||
