Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2503 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49399 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | ||||
| CVE-2024-51362 | 1 Lsc Smart Connect | 1 Indoor Camera Firmware | 2026-04-15 | 6.5 Medium |
| The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network. | ||||
| CVE-2024-53623 | 1 Tp-link | 1 Archer C7 Firmware | 2026-04-15 | 7.5 High |
| Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. | ||||
| CVE-2024-53701 | 2026-04-15 | N/A | ||
| Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen is unlocked by a user, the provided security features' setting pages may be exposed and/or the settings may be altered, without authentication. For example, specific applications in the device configured to be hidden may be displayed and/or activated. | ||||
| CVE-2024-8310 | 1 Opwglobal | 1 Sitesentinel Firmware | 2026-04-15 | 9.8 Critical |
| OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | ||||
| CVE-2024-8419 | 2026-04-15 | 7.5 High | ||
| The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication. | ||||
| CVE-2024-8530 | 1 Schneider-electric | 1 Data Center Expert | 2026-04-15 | 5.9 Medium |
| CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. | ||||
| CVE-2024-9430 | 1 Wpcloudtechnologies | 1 Get A Quote For Woocommerce | 2026-04-15 | 5.3 Medium |
| The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents. | ||||
| CVE-2025-10452 | 1 Gotac | 1 Statistical Database System | 2026-04-15 | 9.8 Critical |
| Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges. | ||||
| CVE-2025-10672 | 1 Whuan132 | 1 Aibattery | 2026-04-15 | 7.8 High |
| A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. The exploit has been made public and could be used. | ||||
| CVE-2025-10991 | 1 Tp-link | 3 Tapo, Tapo D230s1, Tp-link | 2026-04-15 | N/A |
| The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907. | ||||
| CVE-2025-11852 | 1 Apeman | 1 Apeman | 2026-04-15 | 5.3 Medium |
| A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12108 | 1 Survision | 1 License Plate Recognition Camera | 2026-04-15 | N/A |
| The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check. | ||||
| CVE-2025-14346 | 2026-04-15 | 9.8 Critical | ||
| WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction. | ||||
| CVE-2025-1907 | 2026-04-15 | 9.8 Critical | ||
| Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected. | ||||
| CVE-2025-23293 | 1 Nvidia | 1 License System | 2026-04-15 | 8.7 High |
| NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure. | ||||
| CVE-2025-23356 | 1 Nvidia | 1 Isaac Lab | 2026-04-15 | 8.4 High |
| NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2025-24924 | 2026-04-15 | 9.8 Critical | ||
| Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username | ||||
| CVE-2025-30037 | 1 Cgm | 1 Clininet | 2026-04-15 | N/A |
| The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp. | ||||
| CVE-2025-30039 | 1 Cgm | 1 Clininet | 2026-04-15 | N/A |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. | ||||