Search Results (2500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47272 2026-04-15 5.5 Medium
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.
CVE-2025-41716 1 Wago 1 Solution Builder 2026-04-15 5.3 Medium
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
CVE-2025-41703 1 Phoenix Contact 4 Quint4-ups/24dc/24dc/10/eip, Quint4-ups/24dc/24dc/20/eip, Quint4-ups/24dc/24dc/40/eip and 1 more 2026-04-15 7.5 High
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.
CVE-2025-12548 1 Redhat 1 Openshift Devspaces 2026-04-15 9 Critical
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.
CVE-2025-13607 1 D-link 1 Dcs-f5614-l1 2026-04-15 9.4 Critical
A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL.
CVE-2025-41689 2026-04-15 7.5 High
An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.
CVE-2025-14058 1 Lenovo 31 Idea Tab Pro Tb373fu, Idea Tab Tb336fu, Legion Tab Tb320fc and 28 more 2026-04-15 3.2 Low
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
CVE-2025-41686 2026-04-15 7.8 High
A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.
CVE-2025-41715 2026-04-15 9.8 Critical
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
CVE-2025-41656 1 Nodered 1 Node-red 2026-04-15 10 Critical
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
CVE-2021-47710 1 Commax 1 Smart Home System 2026-04-15 N/A
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint.
CVE-2025-41655 2026-04-15 7.5 High
An unauthenticated remote attacker can access a URL which causes the device to reboot.
CVE-2025-20700 1 Airoha 6 Ab156x, Ab157x, Ab158x and 3 more 2026-04-15 8.8 High
In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-20702 1 Airoha 6 Ab156x, Ab157x, Ab158x and 3 more 2026-04-15 8.8 High
In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-41654 2026-04-15 8.2 High
An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.
CVE-2025-23194 2026-04-15 5.3 Medium
SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application.
CVE-2025-23293 1 Nvidia 1 License System 2026-04-15 8.7 High
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-23356 1 Nvidia 1 Isaac Lab 2026-04-15 8.4 High
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2021-47709 1 Commax 1 Smart Home System 2026-04-15 N/A
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
CVE-2025-25060 2026-04-15 N/A
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.