Search Results (2513 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-41654 2026-04-15 8.2 High
An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.
CVE-2025-41651 2026-04-15 9.8 Critical
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
CVE-2024-9062 2026-04-15 7.8 High
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.
CVE-2024-48775 1 Starvedia 1 Ezset Firmware 2026-04-15 7.5 High
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2025-36535 1 Automationdirect 1 Mb Gateway 2026-04-15 10 Critical
The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.
CVE-2025-40816 1 Siemens 2 Logo!, Siplus Logo! 2026-04-15 7.6 High
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.
CVE-2023-1083 1 Welotec 5 Tk515l, Tk525l, Tk525u and 2 more 2026-04-15 9.8 Critical
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
CVE-2024-57055 2026-04-15 5 Medium
Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit.
CVE-2025-30126 1 Marbella 1 Kr8s Dashcam 2026-04-15 5.3 Medium
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to essentially disable the car from being used. During the process of changing these settings, there are no indications or sounds on the dashcam to alert the dashcam owner that someone else is making those changes.
CVE-2025-2407 2026-04-15 N/A
Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5.
CVE-2022-43110 1 Voltronicpower 1 Viewpower 2026-04-15 9.8 Critical
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.
CVE-2025-27935 1 Pingidentity 1 Pingfederate 2026-04-15 N/A
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.
CVE-2025-7679 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 8.1 High
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT
CVE-2021-26278 2026-04-15 6.3 Medium
The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.
CVE-2025-41689 2026-04-15 7.5 High
An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.
CVE-2025-12108 1 Survision 1 License Plate Recognition Camera 2026-04-15 N/A
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
CVE-2025-42875 1 Sap 2 Netweaver, Sap Netweaver 2026-04-15 6.6 Medium
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.
CVE-2025-30048 1 Cgm 1 Clininet 2026-04-15 N/A
The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.
CVE-2025-30037 1 Cgm 1 Clininet 2026-04-15 N/A
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.
CVE-2024-9430 1 Wpcloudtechnologies 1 Get A Quote For Woocommerce 2026-04-15 5.3 Medium
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents.