Total
2379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-53970 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters. | |||||
| CVE-2023-53969 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication. | |||||
| CVE-2023-53968 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication. | |||||
| CVE-2023-53967 | 1 Dbbroadcast | 2 Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication. | |||||
| CVE-2023-53964 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control. | |||||
| CVE-2023-53896 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script. | |||||
| CVE-2023-53774 | 1 Minidvblinux | 1 Minidvblinux | 2026-06-17 | N/A | 9.8 CRITICAL |
| MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely. | |||||
| CVE-2023-53773 | 1 Minidvblinux | 1 Minidvblinux | 2026-06-17 | N/A | 5.3 MEDIUM |
| MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication. | |||||
| CVE-2023-53771 | 1 Minidvblinux | 1 Minidvblinux | 2026-06-17 | N/A | 9.8 CRITICAL |
| MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials. | |||||
| CVE-2023-52949 | 1 Synology | 1 Active Backup For Business Agent | 2026-06-17 | N/A | 5.5 MEDIUM |
| Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | |||||
| CVE-2023-52947 | 1 Synology | 1 Active Backup For Business Agent | 2026-06-17 | N/A | 4.0 MEDIUM |
| Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. | |||||
| CVE-2023-51987 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | |||||
| CVE-2023-51947 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | |||||
| CVE-2023-51587 | 1 Voltronicpower | 1 Viewpower | 2026-06-17 | N/A | 7.5 HIGH |
| Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getModbusPassword method. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22073. | |||||
| CVE-2023-51478 | 1 Buildapp | 1 Build App Online | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | |||||
| CVE-2023-51062 | 1 Qstar | 1 Archive Storage Manager | 2026-06-17 | N/A | 5.3 MEDIUM |
| An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | |||||
| CVE-2023-50263 | 1 Networktocode | 1 Nautobot | 2026-06-17 | N/A | 3.7 LOW |
| Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions. | |||||
| CVE-2023-50199 | 1 Dlink | 2 G416, G416 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to gain access to critical functions on the device. Was ZDI-CAN-21287. | |||||
| CVE-2023-4884 | 1 Open5gs | 1 Open5gs | 2026-06-17 | N/A | 6.5 MEDIUM |
| An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | |||||
| CVE-2023-4815 | 1 Answer | 1 Answer | 2026-06-17 | N/A | 8.8 HIGH |
| Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. | |||||