Search Results (2290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8310 | 1 Opwglobal | 1 Sitesentinel Firmware | 2026-04-15 | 9.8 Critical |
| OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | ||||
| CVE-2024-8751 | 1 Sick | 1 Msc800 Firmware | 2026-04-15 | 7.5 High |
| A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue. | ||||
| CVE-2024-9430 | 1 Wpcloudtechnologies | 1 Get A Quote For Woocommerce | 2026-04-15 | 5.3 Medium |
| The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents. | ||||
| CVE-2025-10452 | 1 Gotac | 1 Statistical Database System | 2026-04-15 | 9.8 Critical |
| Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges. | ||||
| CVE-2025-10906 | 2 Apple, Magnetism Studios | 2 Macos, Endurance | 2026-04-15 | 8.4 High |
| A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used. | ||||
| CVE-2025-10991 | 1 Tp-link | 3 Tapo, Tapo D230s1, Tp-link | 2026-04-15 | N/A |
| The attacker may obtain root access by connecting to the UART port; this vulnerability requires the attacker to have physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907. | ||||
| CVE-2025-52551 | | | 2026-04-15 | N/A |
| E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. | ||||
| CVE-2025-11007 | 2 Ce21, Wordpress | 2 Ce21-suite, Wordpress | 2026-04-15 | 9.8 Critical |
| The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. This allows unauthenticated attackers to create new admin accounts on an affected site. | ||||
| CVE-2025-11671 | 1 Ebmtech | 1 Uniweb/solipacs Webserver | 2026-04-15 | 5.3 Medium |
| Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses. | ||||
| CVE-2025-5095 | 1 Burk | 1 Arc Solo | 2026-04-15 | 9.8 Critical |
| Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy. | ||||
| CVE-2025-11672 | 1 Ebmtech | 1 Uniweb/solipacs Webserver | 2026-04-15 | 5.3 Medium |
| Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names. | ||||
| CVE-2025-48397 | 1 Eaton | 1 Brightlayer Software Suite | 2026-04-15 | 7.1 High |
| The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of Eaton BLSS (7.3.0.SCP004). | ||||
| CVE-2025-46275 | | | 2026-04-15 | 9.8 Critical |
| WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials. | ||||
| CVE-2025-41716 | 1 Wago | 1 Solution Builder | 2026-04-15 | 5.3 Medium |
| The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. | ||||
| CVE-2025-41715 | | | 2026-04-15 | 9.8 Critical |
| The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it. | ||||
| CVE-2025-41689 | | | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data. | ||||
| CVE-2025-41090 | 1 Ccn-cert | 1 Microclaudia | 2026-04-15 | N/A |
| microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a compromised endpoint or deduced manually. This vulnerability allows access between tenants, enabling an attacker to list and manage remote assets, uninstall agents, and even delete vaccines configurations. | ||||
| CVE-2025-3699 | | | 2026-04-15 | 9.8 Critical |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information. | ||||
| CVE-2025-36757 | 1 Solax | 1 Solax Cloud | 2026-04-15 | N/A |
| It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system. | ||||
| CVE-2025-1701 | | | 2026-04-15 | N/A |
| CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3 | ||||