Export limit exceeded: 364053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12371 | 2026-04-15 | N/A | ||
| A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. | ||||
| CVE-2025-10906 | 2 Apple, Magnetism Studios | 2 Macos, Endurance | 2026-04-15 | 8.4 High |
| A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used. | ||||
| CVE-2025-41716 | 1 Wago | 1 Solution Builder | 2026-04-15 | 5.3 Medium |
| The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. | ||||
| CVE-2020-12492 | 2026-04-15 | N/A | ||
| Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information. | ||||
| CVE-2024-33616 | 2026-04-15 | 5.3 Medium | ||
| Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2024-8057 | 1 Danswer-ai | 1 Danswer | 2026-04-15 | N/A |
| In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the system allows an unauthenticated attacker to sign up with a basic account and perform actions that should be restricted to admin users. This can lead to excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues, impacting the system's stability and security. | ||||
| CVE-2025-27935 | 1 Pingidentity | 1 Pingfederate | 2026-04-15 | N/A |
| The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication. | ||||
| CVE-2025-5719 | 2026-04-15 | N/A | ||
| The wallet has an authentication bypass vulnerability that allows access to specific pages. | ||||
| CVE-2025-5187 | 1 Kubernetes | 1 Kubernetes | 2026-04-15 | 6.7 Medium |
| A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. | ||||
| CVE-2024-8310 | 1 Opwglobal | 1 Sitesentinel Firmware | 2026-04-15 | 9.8 Critical |
| OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | ||||
| CVE-2025-58083 | 1 General Industrial Controls | 1 Lynx+ Gateway | 2026-04-15 | 10 Critical |
| General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. | ||||
| CVE-2021-47891 | 2 Unified Intents, Unifiedremote | 2 Unified Remote, Unified Remote | 2026-04-15 | 9.8 Critical |
| Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads. | ||||
| CVE-2020-12484 | 2026-04-15 | 6.4 Medium | ||
| When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks. | ||||
| CVE-2020-12491 | 2026-04-15 | N/A | ||
| Improper control of framework service permissions with possibility of some sensitive device information leakage. | ||||
| CVE-2022-32503 | 1 Nuki | 2 Fob, Keypad | 2026-04-15 | 7.6 High |
| An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to this JTAG port may be able to connect to the device and bypass both hardware and software security protections. This affects Nuki Keypad before 1.9.2 and Nuki Fob before 1.8.1. | ||||
| CVE-2023-47232 | 2 Mojofywp, Wordpress | 2 Wp Affiliate Disclosure, Wordpress | 2026-04-15 | 4.3 Medium |
| Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6. | ||||
| CVE-2024-48773 | 1 Wo-smart | 1 Morepro Firmware | 2026-04-15 | 7.5 High |
| An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2023-6949 | 1 Dji | 1 Mini 3 Pro Firmware | 2026-04-15 | 5.2 Medium |
| A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication. | ||||
| CVE-2024-13173 | 2026-04-15 | 7.5 High | ||
| The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | ||||
| CVE-2024-21846 | 2026-04-15 | 5.3 Medium | ||
| An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario. | ||||