Export limit exceeded: 10734 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3586 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12735 | 1 Siemens | 2 Logo\!, Logo\! 8 Bm Firmware | 2025-04-20 | 7.4 High |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. | ||||
| CVE-2017-2708 | 1 Huawei | 2 Nice, Nice Firmware | 2025-04-20 | N/A |
| The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. | ||||
| CVE-2017-7915 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2025-04-20 | N/A |
| An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. | ||||
| CVE-2017-6409 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | ||||
| CVE-2017-3819 | 1 Cisco | 2 Asr 5000 Series Software, Virtualized Packet Core | 2025-04-20 | N/A |
| A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853. | ||||
| CVE-2024-48950 | 1 Logpoint | 2 Logpoint, Siem | 2025-04-18 | 7.5 High |
| An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication. | ||||
| CVE-2022-1070 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2021-26264 | 1 Emerson | 2 Deltav Distributed Control System, Deltav Workstation | 2025-04-17 | 6.1 Medium |
| A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | ||||
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | ||||
| CVE-2024-2076 | 1 Codeastro | 1 House Rental Management System | 2025-04-16 | 5.3 Medium |
| A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392. | ||||
| CVE-2021-33008 | 1 Aveva | 1 System Platform | 2025-04-16 | 8.8 High |
| AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. | ||||
| CVE-2022-41644 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. | ||||
| CVE-2021-33843 | 1 Fresenius-kabi | 2 Agilia Sp Mc Wifi, Agilia Sp Mc Wifi Firmware | 2025-04-16 | 5.3 Medium |
| Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings. | ||||
| CVE-2020-10640 | 1 Emerson | 1 Openenterprise Scada Server | 2025-04-16 | 10 Critical |
| Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | ||||
| CVE-2022-25922 | 1 Hegemonelectronics | 2 Plc4trucks, Plc4trucks Firmware | 2025-04-16 | 6.1 Medium |
| Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. | ||||
| CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2025-04-16 | 9.8 Critical |
| Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | ||||
| CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2025-04-16 | 7.5 High |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | ||||
| CVE-2022-25251 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2025-04-16 | 9.8 Critical |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | ||||
| CVE-2022-0922 | 1 Philips | 2 E-alert, E-alert Firmware | 2025-04-16 | 6.5 Medium |
| The software does not perform any authentication for critical system functionality. | ||||
| CVE-2020-14479 | 1 Inductiveautomation | 1 Ignition | 2025-04-16 | 5.3 Medium |
| Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server | ||||