Export limit exceeded: 340834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3064 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10924 | 1 Really-simple-plugins | 1 Really Simple Security | 2026-01-23 | 9.8 Critical |
| The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). | ||||
| CVE-2025-54833 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | 5.3 Medium |
| OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords. | ||||
| CVE-2025-63391 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-01-22 | 7.5 High |
| An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers. | ||||
| CVE-2025-63390 | 1 Mintplexlabs | 1 Anythingllm | 2026-01-22 | 5.3 Medium |
| An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed data includes: workspace identifiers (id, name, slug), AI model configurations (chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters (temperature, history length, similarity thresholds), vector search settings, chat modes, and timestamps. | ||||
| CVE-2025-63389 | 1 Ollama | 1 Ollama | 2026-01-22 | 9.8 Critical |
| A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations. | ||||
| CVE-2025-63896 | 2 Jxl, Jxlindia | 3 Jxl Double Din Player, Jxl 9 Inch Car Android Double Din Player, Jxl 9 Inch Car Android Double Din Player Firmware | 2026-01-22 | 7.6 High |
| An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device. | ||||
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-22 | 2.9 Low |
| Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | ||||
| CVE-2025-12548 | 1 Redhat | 1 Openshift Devspaces | 2026-01-21 | 9 Critical |
| A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333. | ||||
| CVE-2026-22788 | 1 Wem-project | 1 Wem | 2026-01-21 | 8.2 High |
| WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19. | ||||
| CVE-2025-65824 | 1 Meatmeet | 3 Meatmeet, Meatmeet Pro Wifi \& Bluetooth Meat Thermometer, Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware | 2026-01-21 | 8.8 High |
| An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the victim losing complete access to the Meatmeet. | ||||
| CVE-2026-22812 | 2 Anoma, Anomalyco | 2 Opencode, Opencode | 2026-01-21 | 8.8 High |
| OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216. | ||||
| CVE-2025-62582 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaview | 2026-01-20 | 9.8 Critical |
| Delta Electronics DIAView has multiple vulnerabilities. | ||||
| CVE-2025-14510 | 1 Abb | 1 Ability Optimax | 2026-01-19 | 8.1 High |
| Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120. | ||||
| CVE-2025-67091 | 1 Gl-inet | 2 Ax1800, Ax1800 Firmware | 2026-01-16 | 6.5 Medium |
| An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-writable /tmp directory. | ||||
| CVE-2025-67090 | 1 Gl-inet | 2 Ax1800, Ax1800 Firmware | 2026-01-16 | 5.1 Medium |
| The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface. | ||||
| CVE-2025-46603 | 1 Dell | 1 Cloudboost Virtual Appliance | 2026-01-16 | 7 High |
| Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2025-12941 | 1 Netgear | 4 C6220, C6220 Firmware, C6230 and 1 more | 2026-01-16 | 5.7 Medium |
| Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router. | ||||
| CVE-2024-58336 | 1 Akuvox | 26 C313w-2, C313w-2 Firmware, Nc-2 and 23 more | 2026-01-16 | 5.3 Medium |
| Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices. | ||||
| CVE-2023-53964 | 1 Sound4 | 18 Big Voice2, Big Voice2 Firmware, Big Voice4 and 15 more | 2026-01-16 | 9.8 Critical |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control. | ||||
| CVE-2025-14058 | 1 Lenovo | 31 Idea Tab Pro Tb373fu, Idea Tab Tb336fu, Legion Tab Tb320fc and 28 more | 2026-01-16 | 3.2 Low |
| A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled. | ||||