Total
2287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-53771 | 1 Minidvblinux | 1 Minidvblinux | 2026-06-17 | N/A | 9.8 CRITICAL |
| MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials. | |||||
| CVE-2023-52949 | 1 Synology | 1 Active Backup For Business Agent | 2026-06-17 | N/A | 5.5 MEDIUM |
| Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | |||||
| CVE-2023-52947 | 1 Synology | 1 Active Backup For Business Agent | 2026-06-17 | N/A | 4.0 MEDIUM |
| Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. | |||||
| CVE-2023-51987 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | |||||
| CVE-2023-51947 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | |||||
| CVE-2023-51587 | 1 Voltronicpower | 1 Viewpower | 2026-06-17 | N/A | 7.5 HIGH |
| Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getModbusPassword method. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22073. | |||||
| CVE-2023-51478 | 1 Buildapp | 1 Build App Online | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | |||||
| CVE-2023-51062 | 1 Qstar | 1 Archive Storage Manager | 2026-06-17 | N/A | 5.3 MEDIUM |
| An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | |||||
| CVE-2023-50263 | 1 Networktocode | 1 Nautobot | 2026-06-17 | N/A | 3.7 LOW |
| Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions. | |||||
| CVE-2023-50199 | 1 Dlink | 2 G416, G416 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to gain access to critical functions on the device. Was ZDI-CAN-21287. | |||||
| CVE-2023-4884 | 1 Open5gs | 1 Open5gs | 2026-06-17 | N/A | 6.5 MEDIUM |
| An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | |||||
| CVE-2023-4815 | 1 Answer | 1 Answer | 2026-06-17 | N/A | 8.8 HIGH |
| Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. | |||||
| CVE-2023-4699 | 1 Mitsubishielectric | 432 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 429 more | 2026-06-17 | N/A | 10.0 CRITICAL |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely. | |||||
| CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2026-06-17 | N/A | 7.8 HIGH |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | |||||
| CVE-2023-4506 | 1 Miniorange | 1 Active Directory Integration \/ Ldap Integration | 2026-06-17 | N/A | 2.2 LOW |
| The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | |||||
| CVE-2023-4505 | 1 Miniorange | 1 Staff \/ Employee Business Directory For Active Directory | 2026-06-17 | N/A | 2.2 LOW |
| The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | |||||
| CVE-2023-4335 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2026-06-17 | N/A | 7.5 HIGH |
| Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | |||||
| CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2026-06-17 | N/A | 7.5 HIGH |
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | |||||
| CVE-2023-49693 | 1 Netgear | 1 Prosafe Network Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | |||||
| CVE-2023-49617 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2026-06-17 | N/A | 10.0 CRITICAL |
| The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication. | |||||