Export limit exceeded: 341427 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3081 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2025-03-25 | 9.8 Critical |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | ||||
| CVE-2022-48299 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-43761 | 1 Br-automation | 1 Industrial Automation Aprol | 2025-03-25 | 9.4 Critical |
| Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. | ||||
| CVE-2025-30111 | 2025-03-24 | 7.5 High | ||
| On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication. | ||||
| CVE-2022-48300 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-48289 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-48288 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2023-0574 | 1 Yugabyte | 1 Yugabytedb Managed | 2025-03-24 | 6.8 Medium |
| Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 | ||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | 6.8 Medium |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | ||||
| CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2025-03-24 | 9.8 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2022-31266 | 1 Ilias | 1 Ilias | 2025-03-20 | 4.3 Medium |
| In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2025-1496 | 2025-03-20 | 6.5 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse.This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | ||||
| CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2025-03-19 | 9.8 Critical |
| Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | ||||
| CVE-2024-48791 | 1 Plug N Play Camera | 1 Plug N Play Camera | 2025-03-19 | 7.5 High |
| An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2022-47703 | 1 Tianjie | 2 Cpe906-3, Cpe906-3 Firmware | 2025-03-18 | 7.5 High |
| TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. | ||||
| CVE-2022-45551 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-18 | 9.8 Critical |
| An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | ||||
| CVE-2022-44216 | 1 Sir | 1 Gnuboard | 2025-03-18 | 7.5 High |
| Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. | ||||
| CVE-2022-27891 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | ||||
| CVE-2023-0860 | 1 Modoboa | 1 Installer | 2025-03-18 | 7.5 High |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | ||||
| CVE-2024-21006 | 1 Oracle | 1 Weblogic Server | 2025-03-18 | 7.5 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||