Total
2386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1837 | 1 Hypr | 1 Hypr Server | 2026-06-17 | N/A | 8.5 HIGH |
| Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | |||||
| CVE-2023-1140 | 1 Deltaww | 1 Infrasuite Device Master | 2026-06-17 | N/A | 9.8 CRITICAL |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | |||||
| CVE-2023-1096 | 1 Netapp | 1 Snapcenter | 2026-06-17 | N/A | 9.8 CRITICAL |
| SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | |||||
| CVE-2023-1083 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | |||||
| CVE-2023-0919 | 1 Kavitareader | 1 Kavita | 2026-06-17 | N/A | 8.1 HIGH |
| Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | |||||
| CVE-2023-0906 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. | |||||
| CVE-2023-0463 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-17 | N/A | 3.3 LOW |
| The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk. | |||||
| CVE-2023-0116 | 1 Huawei | 1 Emui | 2026-06-17 | N/A | 7.5 HIGH |
| The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-0102 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | |||||
| CVE-2023-0052 | 1 Sauter-controls | 10 Modunet300 Ey-am300f001, Modunet300 Ey-am300f001 Firmware, Modunet300 Ey-am300f002 and 7 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | |||||
| CVE-2022-50981 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced. | |||||
| CVE-2022-50980 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN. | |||||
| CVE-2022-50979 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | |||||
| CVE-2022-50978 | 2026-06-17 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP). | |||||
| CVE-2022-50977 | 2026-06-17 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | |||||
| CVE-2022-50790 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-06-17 | N/A | 7.5 HIGH |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication. | |||||
| CVE-2022-50595 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 7.2 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||
| CVE-2022-50594 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 7.5 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords. | |||||
| CVE-2022-50593 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 9.8 CRITICAL |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||
| CVE-2022-50592 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 7.2 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||