Search Results (2519 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1810 1 Dlink 2 Dwl-900ap\+, Dwl-900ap\+ Firmware 2026-04-16 7.5 High
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
CVE-2004-0213 1 Microsoft 1 Windows 2000 2026-04-16 7.8 High
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
CVE-2026-39393 1 Ci4-cms-erp 1 Ci4ms 2026-04-16 8.1 High
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss (TTL expiry or admin-triggered cache clear), the guard fails open, allowing an unauthenticated attacker to overwrite the .env file with attacker-controlled database credentials, achieving full application takeover. This vulnerability is fixed in 0.31.4.0.
CVE-2026-27028 1 Mobility46 1 Mobility46.se 2026-04-16 9.4 Critical
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVE-2026-22207 1 Volcengine 1 Openviking 2026-04-15 9.8 Critical
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration.
CVE-2026-0942 3 Linknacional, Woocommerce, Wordpress 3 Rede Itau For Woocommerce, Woocommerce, Wordpress 2026-04-15 5.3 Medium
The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.
CVE-2026-26125 1 Microsoft 1 Payment Orchestrator Service 2026-04-15 8.6 High
Payment Orchestrator Service Elevation of Privilege Vulnerability
CVE-2026-35450 1 Wwbn 1 Avideo 2026-04-15 5.3 Medium
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints (kill.ffmpeg.json.php, list.ffmpeg.json.php, ffmpeg.php) require User::isAdmin().
CVE-2026-1900 2 Linkwhisper, Wordpress 3 Link Whisper, Link Whisper Free, Wordpress 2026-04-15 6.5 Medium
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.
CVE-2026-4640 2 Galaxy Software Services Corporation, Gss 2 Vitals Esp, Vitalsesp 2026-04-15 7.5 High
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.
CVE-2017-20217 1 Serviio 1 Serviio Pro 2026-04-15 7.5 High
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.
CVE-2019-25483 1 Comtrend 1 Ar-5310 2026-04-15 8.4 High
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.
CVE-2017-20220 1 Serviio 1 Serviio Pro 2026-04-15 7.5 High
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.
CVE-2025-69425 2026-04-15 N/A
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.
CVE-2025-9214 1 Lenovo 1 Printer 2026-04-15 5.4 Medium
A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.
CVE-2023-22650 1 Suse 1 Rancher 2026-04-15 8.8 High
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.
CVE-2024-48768 1 Almando 1 Almando Control Firmware 2026-04-15 7.5 High
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process
CVE-2023-1083 1 Welotec 5 Tk515l, Tk525l, Tk525u and 2 more 2026-04-15 9.8 Critical
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
CVE-2025-34101 1 Plex 1 Media Server Firmware 2026-04-15 N/A
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.
CVE-2014-125113 2 Dell, Quest 2 Kace K1000 Systems Management Appliance Software, Kace Systems Management Appliance 2026-04-15 N/A
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.