Total
1442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10271 | 1 Oracle | 1 Weblogic Server | 2025-01-28 | 7.5 High |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2023-22441 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | 8.6 High |
| Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier | ||||
| CVE-2023-1096 | 1 Netapp | 1 Snapcenter | 2025-01-27 | 9.8 Critical |
| SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | ||||
| CVE-2023-23444 | 1 Sick | 22 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 19 more | 2025-01-24 | 7.5 High |
| Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | ||||
| CVE-2024-45276 | 3 Helmholz, Mb Connect Line, Mbconnectline | 5 Rex 100, Rex 100 Firmware, Mbnet.mini and 2 more | 2025-01-24 | 7.5 High |
| An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. | ||||
| CVE-2024-26263 | 2 Ebm Technologies, Ebmtech | 2 Risweb, Risweb | 2025-01-23 | 5.3 Medium |
| EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | ||||
| CVE-2024-38143 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-23 | 4.2 Medium |
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-26235 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-23 | 7.8 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2023-24934 | 1 Microsoft | 1 Malware Protection Platform | 2025-01-23 | 6.2 Medium |
| Microsoft Defender Security Feature Bypass Vulnerability | ||||
| CVE-2024-47574 | 1 Fortinet | 2 Forticlient, Forticlientwindows | 2025-01-21 | 7.4 High |
| A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | ||||
| CVE-2024-7125 | 2 Hitachi, Linux | 2 Ops Center Common Services, Linux Kernel | 2025-01-21 | 7.8 High |
| Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | ||||
| CVE-2024-12757 | 2025-01-21 | 8.6 High | ||
| Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | ||||
| CVE-2025-0355 | 2025-01-21 | 7.5 High | ||
| Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. | ||||
| CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2025-01-17 | 9.8 Critical |
| Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | ||||
| CVE-2024-11639 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | 10 Critical |
| An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | ||||
| CVE-2023-1837 | 1 Hypr | 1 Hypr Server | 2025-01-17 | 8.5 High |
| Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | ||||
| CVE-2024-9137 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9004 and 4 more | 2025-01-17 | 9.4 Critical |
| The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | ||||
| CVE-2023-0052 | 1 Sauter-controls | 10 Modunet300 Ey-am300f001, Modunet300 Ey-am300f001 Firmware, Modunet300 Ey-am300f002 and 7 more | 2025-01-16 | 9.8 Critical |
| SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | ||||
| CVE-2023-0102 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 9.1 Critical |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | ||||
| CVE-2023-22803 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 7.5 High |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily. | ||||