Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2503 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49399 1 Elvaco 1 Cme3100 Firmware 2026-04-15 N/A
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
CVE-2024-51362 1 Lsc Smart Connect 1 Indoor Camera Firmware 2026-04-15 6.5 Medium
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network.
CVE-2024-53623 1 Tp-link 1 Archer C7 Firmware 2026-04-15 7.5 High
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.
CVE-2024-53701 2026-04-15 N/A
Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen is unlocked by a user, the provided security features' setting pages may be exposed and/or the settings may be altered, without authentication. For example, specific applications in the device configured to be hidden may be displayed and/or activated.
CVE-2024-8310 1 Opwglobal 1 Sitesentinel Firmware 2026-04-15 9.8 Critical
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
CVE-2024-8419 2026-04-15 7.5 High
The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.
CVE-2024-8530 1 Schneider-electric 1 Data Center Expert 2026-04-15 5.9 Medium
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.
CVE-2024-9430 1 Wpcloudtechnologies 1 Get A Quote For Woocommerce 2026-04-15 5.3 Medium
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents.
CVE-2025-10452 1 Gotac 1 Statistical Database System 2026-04-15 9.8 Critical
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.
CVE-2025-10672 1 Whuan132 1 Aibattery 2026-04-15 7.8 High
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. The exploit has been made public and could be used.
CVE-2025-10991 1 Tp-link 3 Tapo, Tapo D230s1, Tp-link 2026-04-15 N/A
The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.
CVE-2025-11852 1 Apeman 1 Apeman 2026-04-15 5.3 Medium
A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-12108 1 Survision 1 License Plate Recognition Camera 2026-04-15 N/A
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
CVE-2025-14346 2026-04-15 9.8 Critical
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
CVE-2025-1907 2026-04-15 9.8 Critical
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
CVE-2025-23293 1 Nvidia 1 License System 2026-04-15 8.7 High
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-23356 1 Nvidia 1 Isaac Lab 2026-04-15 8.4 High
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2025-24924 2026-04-15 9.8 Critical
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username
CVE-2025-30037 1 Cgm 1 Clininet 2026-04-15 N/A
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.
CVE-2025-30039 1 Cgm 1 Clininet 2026-04-15 N/A
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges.