Total
1469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22441 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | 8.6 High |
| Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier | ||||
| CVE-2023-1096 | 1 Netapp | 1 Snapcenter | 2025-01-27 | 9.8 Critical |
| SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | ||||
| CVE-2023-23444 | 1 Sick | 22 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 19 more | 2025-01-24 | 7.5 High |
| Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | ||||
| CVE-2024-45276 | 3 Helmholz, Mb Connect Line, Mbconnectline | 5 Rex 100, Rex 100 Firmware, Mbnet.mini and 2 more | 2025-01-24 | 7.5 High |
| An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. | ||||
| CVE-2024-26263 | 2 Ebm Technologies, Ebmtech | 2 Risweb, Risweb | 2025-01-23 | 5.3 Medium |
| EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | ||||
| CVE-2024-26235 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-23 | 7.8 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2023-24934 | 1 Microsoft | 1 Malware Protection Platform | 2025-01-23 | 6.2 Medium |
| Microsoft Defender Security Feature Bypass Vulnerability | ||||
| CVE-2024-47574 | 1 Fortinet | 2 Forticlient, Forticlientwindows | 2025-01-21 | 7.4 High |
| A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | ||||
| CVE-2024-7125 | 2 Hitachi, Linux | 2 Ops Center Common Services, Linux Kernel | 2025-01-21 | 7.8 High |
| Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | ||||
| CVE-2024-12757 | 2025-01-21 | 8.6 High | ||
| Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | ||||
| CVE-2025-0355 | 2025-01-21 | 7.5 High | ||
| Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. | ||||
| CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2025-01-17 | 9.8 Critical |
| Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | ||||
| CVE-2024-11639 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | 10 Critical |
| An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | ||||
| CVE-2023-1837 | 1 Hypr | 1 Hypr Server | 2025-01-17 | 8.5 High |
| Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | ||||
| CVE-2024-9137 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9004 and 4 more | 2025-01-17 | 9.4 Critical |
| The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | ||||
| CVE-2023-0052 | 1 Sauter-controls | 10 Modunet300 Ey-am300f001, Modunet300 Ey-am300f001 Firmware, Modunet300 Ey-am300f002 and 7 more | 2025-01-16 | 9.8 Critical |
| SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | ||||
| CVE-2023-0102 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 9.1 Critical |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | ||||
| CVE-2023-22803 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 7.5 High |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily. | ||||
| CVE-2023-22804 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 9.1 Critical |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device. | ||||
| CVE-2023-1140 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | ||||