Vulnerabilities (CVE)

Filtered by CWE-306
Total 1444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2004 1 Hp 1 Data Protector 2025-04-12 9.3 HIGH 9.8 CRITICAL
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
CVE-2010-5326 1 Sap 1 Netweaver Application Server Java 2025-04-12 10.0 HIGH 10.0 CRITICAL
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
CVE-2014-4872 1 Bmc 1 Track-it! 2025-04-12 7.5 HIGH N/A
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2014-2590 1 Siemens 3 Ruggedcom Rs950g, Ruggedcom Rsg2488, Ruggedcom Rugged Operating System 2025-04-12 5.0 MEDIUM N/A
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.
CVE-2025-0256 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-11 N/A 4.3 MEDIUM
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
CVE-2023-31132 2 Cacti, Microsoft 2 Cacti, Windows 2025-04-11 N/A 7.8 HIGH
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2011-3055 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 4.3 MEDIUM N/A
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
CVE-2025-1283 1 Dingtian-tech 8 Dt-r002, Dt-r002 Firmware, Dt-r008 and 5 more 2025-04-10 N/A 9.8 CRITICAL
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
CVE-2025-0257 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-10 N/A 6.3 MEDIUM
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
CVE-2025-29870 2025-04-09 N/A 7.5 HIGH
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
CVE-2008-6827 1 Symantec 1 Altiris Deployment Solution 2025-04-09 6.8 MEDIUM 7.8 HIGH
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
CVE-2007-0956 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 10.0 HIGH N/A
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
CVE-2009-1780 1 Frax 1 Php Recommend 2025-04-09 7.5 HIGH N/A
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CVE-2025-21559 1 Oracle 1 Mysql Server 2025-04-08 N/A 5.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2024-41791 2025-04-08 N/A 7.3 HIGH
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time.
CVE-2024-41793 2025-04-08 N/A 8.6 HIGH
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows enabling the SSH service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via SSH.
CVE-2024-3777 1 Ai3 1 Qbibot 2025-04-08 N/A 9.8 CRITICAL
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
CVE-2022-46463 1 Linuxfoundation 1 Harbor 2025-04-08 N/A 7.5 HIGH
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
CVE-2022-43976 1 Ge 2 Ms 3000, Ms 3000 Firmware 2025-04-07 N/A 9.8 CRITICAL
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.
CVE-2023-37265 1 Icewhale 2 Casaos, Casaos-gateway 2025-04-07 N/A 9.8 CRITICAL
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS from untrusted users, for instance by not exposing it publicly.