Total
1469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2138 | 1 Advantech | 1 Iview | 2025-04-16 | 8.2 High |
| The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. | ||||
| CVE-2022-1368 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2025-04-16 | 9.8 Critical |
| The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account. | ||||
| CVE-2022-2474 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2025-04-16 | 9.8 Critical |
| Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. | ||||
| CVE-2022-40202 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 9.8 Critical |
| The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution. | ||||
| CVE-2022-41688 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group. | ||||
| CVE-2022-41776 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 7.5 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. | ||||
| CVE-2022-41629 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 7.5 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. | ||||
| CVE-2025-27642 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008. | ||||
| CVE-2025-32782 | 2025-04-16 | 5.3 Medium | ||
| Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This allows an attacker to register an account using another user’s email and potentially have it auto-confirmed by the victim’s email client. This does not allow attackers to take over or access existing accounts or private data. It is limited to account confirmation of new accounts only. This vulnerability is fixed in 4.7.0. | ||||
| CVE-2022-47377 | 1 Sick | 2 Sim2000 Firmware, Sim2000st | 2025-04-16 | 9.8 Critical |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). | ||||
| CVE-2025-27538 | 2025-04-16 | 2.2 Low | ||
| Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA. | ||||
| CVE-2025-2567 | 2025-04-16 | 9.8 Critical | ||
| An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation. | ||||
| CVE-2024-38143 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-04-15 | 4.2 Medium |
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-27647 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002. | ||||
| CVE-2022-3188 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2025-04-15 | 5.3 Medium |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users. | ||||
| CVE-2021-21964 | 1 Sealevel | 2 Seaconnect 370w, Seaconnect 370w Firmware | 2025-04-15 | 7.4 High |
| A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2022-26026 | 1 Openautomationsoftware | 1 Oas Platform | 2025-04-15 | 7.5 High |
| A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-26043 | 1 Openautomationsoftware | 1 Oas Platform | 2025-04-15 | 7.5 High |
| An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26067 | 1 Openautomationsoftware | 1 Oas Platform | 2025-04-15 | 4.9 Medium |
| An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26082 | 1 Openautomationsoftware | 1 Oas Platform | 2025-04-15 | 9.1 Critical |
| A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||