Export limit exceeded: 363680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8355 1 Smiths-medical 1 Cadd-solis Medication Safety Software 2025-04-20 N/A
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates.
CVE-2016-5410 2 Firewalld, Redhat 6 Firewalld, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-20 N/A
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
CVE-2017-3216 5 Greenpacket, Huawei, Mada and 2 more 28 Ox350, Ox350 Firmware, Bm2022 and 25 more 2025-04-20 N/A
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
CVE-2017-6873 1 Siemens 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more 2025-04-20 N/A
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.
CVE-2017-6872 1 Siemens 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more 2025-04-20 N/A
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.
CVE-2017-5637 3 Apache, Debian, Redhat 5 Zookeeper, Debian Linux, Jboss Bpms and 2 more 2025-04-20 N/A
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
CVE-2017-14417 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 9.8 Critical
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-1523 1 Ibm 1 Infosphere Master Data Management 2025-04-20 N/A
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.
CVE-2024-48950 1 Logpoint 2 Logpoint, Siem 2025-04-18 7.5 High
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVE-2022-1070 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2021-26264 1 Emerson 2 Deltav Distributed Control System, Deltav Workstation 2025-04-17 6.1 Medium
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
CVE-2024-2076 1 Codeastro 1 House Rental Management System 2025-04-16 5.3 Medium
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
CVE-2021-33008 1 Aveva 1 System Platform 2025-04-16 8.8 High
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.
CVE-2022-41644 1 Deltaww 1 Infrasuite Device Master 2025-04-16 8.8 High
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.
CVE-2021-33843 1 Fresenius-kabi 2 Agilia Sp Mc Wifi, Agilia Sp Mc Wifi Firmware 2025-04-16 5.3 Medium
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.
CVE-2020-10640 1 Emerson 1 Openenterprise Scada Server 2025-04-16 10 Critical
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVE-2022-25922 1 Hegemonelectronics 2 Plc4trucks, Plc4trucks Firmware 2025-04-16 6.1 Medium
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.
CVE-2022-25247 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 9.8 Critical
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
CVE-2022-25250 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 7.5 High
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.
CVE-2022-25251 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 9.8 Critical
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.