Total
2047 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30230 | 1 Siemens | 1 Sicam Gridedge Essential | 2025-11-12 | 9.8 Critical |
| A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions. | ||||
| CVE-2022-30229 | 1 Siemens | 1 Sicam Gridedge Essential | 2025-11-12 | 7.2 High |
| A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known. | ||||
| CVE-2020-24363 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2025-11-07 | 8.8 High |
| TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | ||||
| CVE-2024-51567 | 1 Cyberpanel | 1 Cyberpanel | 2025-11-07 | 10 Critical |
| upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | ||||
| CVE-2022-23227 | 1 Nuuo | 2 Nvrmini2, Nvrmini2 Firmware | 2025-11-07 | 9.8 Critical |
| NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. | ||||
| CVE-2022-24990 | 1 Terra-master | 30 F2-210, F2-221, F2-223 and 27 more | 2025-11-07 | 9.8 Critical |
| TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. | ||||
| CVE-2025-12476 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 9.8 Critical |
| Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | ||||
| CVE-2025-12477 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 9.8 Critical |
| Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | ||||
| CVE-2025-8558 | 1 Proofpoint | 1 Insider Threat Management Server | 2025-11-07 | 5.4 Medium |
| Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality. | ||||
| CVE-2025-9254 | 1 Uniong | 1 Webitr | 2025-11-06 | 9.8 Critical |
| WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality. | ||||
| CVE-2025-30135 | 2 Iroad, Iroadau | 3 Dashcam Fx2, Fx2, Fx2 Firmware | 2025-11-06 | 9.4 Critical |
| An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. By connecting to http://192.168.10.1/mnt/extsd/event/, an attacker can download all stored video recordings in an unencrypted manner. Additionally, the RTSP stream on port 8554 is accessible without authentication, allowing an attacker to view live footage. | ||||
| CVE-2025-12108 | 1 Survision | 1 License Plate Recognition Camera | 2025-11-06 | N/A |
| The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check. | ||||
| CVE-2025-47357 | 1 Qualcomm | 49 Qam8255p, Qam8255p Firmware, Qam8620p and 46 more | 2025-11-05 | 8 High |
| Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions. | ||||
| CVE-2023-46381 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2025-11-04 | 8.2 High |
| LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | ||||
| CVE-2023-40393 | 1 Apple | 1 Macos | 2025-11-04 | 7.5 High |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. | ||||
| CVE-2020-10124 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 7.1 High |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. | ||||
| CVE-2025-11007 | 2 Ce21, Wordpress | 2 Ce21-suite, Wordpress | 2025-11-04 | 9.8 Critical |
| The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. This allows unauthenticated attackers to create new admin accounts on an affected site. | ||||
| CVE-2024-33616 | 2025-11-04 | 5.3 Medium | ||
| Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2023-47166 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | 8.8 High |
| A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | 7.5 High |
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | ||||