Search Results (2503 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50981 2 Avibia, Innomic 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more 2026-04-15 9.8 Critical
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
CVE-2023-22650 1 Suse 1 Rancher 2026-04-15 8.8 High
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.
CVE-2025-25060 2026-04-15 N/A
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
CVE-2025-2344 2026-04-15 5.3 Medium
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-23356 1 Nvidia 1 Isaac Lab 2026-04-15 8.4 High
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2023-25493 1 Lenovo 1 Bios 2026-04-15 6.7 Medium
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.
CVE-2025-20702 1 Airoha 6 Ab156x, Ab157x, Ab158x and 3 more 2026-04-15 8.8 High
In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-20700 1 Airoha 6 Ab156x, Ab157x, Ab158x and 3 more 2026-04-15 8.8 High
In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-1907 2026-04-15 9.8 Critical
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
CVE-2025-14346 2026-04-15 9.8 Critical
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
CVE-2025-14058 1 Lenovo 31 Idea Tab Pro Tb373fu, Idea Tab Tb336fu, Legion Tab Tb320fc and 28 more 2026-04-15 3.2 Low
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
CVE-2023-41918 2026-04-15 10 Critical
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code.
CVE-2025-13607 1 D-link 1 Dcs-f5614-l1 2026-04-15 9.4 Critical
A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL.
CVE-2023-47232 2 Mojofywp, Wordpress 2 Wp Affiliate Disclosure, Wordpress 2026-04-15 4.3 Medium
Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6.
CVE-2025-1272 1 Redhat 2 Enterprise Linux, Openshift 2026-04-15 7.7 High
The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.
CVE-2023-4857 2026-04-15 7.5 High
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.
CVE-2025-12386 1 Pix-link 1 Lv-wr21q 2026-04-15 N/A
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVE-2025-12108 1 Survision 1 License Plate Recognition Camera 2026-04-15 N/A
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
CVE-2025-12003 1 Asus 1 Router 2026-04-15 N/A
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
CVE-2025-11672 1 Ebmtech 1 Uniweb/solipacs Webserver 2026-04-15 5.3 Medium
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.