Export limit exceeded: 364053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12371 2026-04-15 N/A
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.
CVE-2025-10906 2 Apple, Magnetism Studios 2 Macos, Endurance 2026-04-15 8.4 High
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used.
CVE-2025-41716 1 Wago 1 Solution Builder 2026-04-15 5.3 Medium
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
CVE-2020-12492 2026-04-15 N/A
Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.
CVE-2024-33616 2026-04-15 5.3 Medium
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2024-8057 1 Danswer-ai 1 Danswer 2026-04-15 N/A
In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the system allows an unauthenticated attacker to sign up with a basic account and perform actions that should be restricted to admin users. This can lead to excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues, impacting the system's stability and security.
CVE-2025-27935 1 Pingidentity 1 Pingfederate 2026-04-15 N/A
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.
CVE-2025-5719 2026-04-15 N/A
The wallet has an authentication bypass vulnerability that allows access to specific pages.
CVE-2025-5187 1 Kubernetes 1 Kubernetes 2026-04-15 6.7 Medium
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
CVE-2024-8310 1 Opwglobal 1 Sitesentinel Firmware 2026-04-15 9.8 Critical
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
CVE-2025-58083 1 General Industrial Controls 1 Lynx+ Gateway 2026-04-15 10 Critical
General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
CVE-2021-47891 2 Unified Intents, Unifiedremote 2 Unified Remote, Unified Remote 2026-04-15 9.8 Critical
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
CVE-2020-12484 2026-04-15 6.4 Medium
When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.
CVE-2020-12491 2026-04-15 N/A
Improper control of framework service permissions with possibility of some sensitive device information leakage.
CVE-2022-32503 1 Nuki 2 Fob, Keypad 2026-04-15 7.6 High
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to this JTAG port may be able to connect to the device and bypass both hardware and software security protections. This affects Nuki Keypad before 1.9.2 and Nuki Fob before 1.8.1.
CVE-2023-47232 2 Mojofywp, Wordpress 2 Wp Affiliate Disclosure, Wordpress 2026-04-15 4.3 Medium
Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6.
CVE-2024-48773 1 Wo-smart 1 Morepro Firmware 2026-04-15 7.5 High
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process
CVE-2023-6949 1 Dji 1 Mini 3 Pro Firmware 2026-04-15 5.2 Medium
A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication.
CVE-2024-13173 2026-04-15 7.5 High
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.
CVE-2024-21846 2026-04-15 5.3 Medium
An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario.