Search Results (3605 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25060 2026-04-15 N/A
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
CVE-2025-9994 2026-04-15 9.8 Critical
The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access.
CVE-2021-47891 2 Unified Intents, Unifiedremote 2 Unified Remote, Unified Remote 2026-04-15 9.8 Critical
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
CVE-2024-33622 2026-04-15 6.5 Medium
Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.
CVE-2025-24924 2026-04-15 9.8 Critical
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username
CVE-2024-52285 1 Siemens 2 Sipass Integrated Ac5102 (acc-g2), Sipass Integrated Acc-ap 2026-04-15 5.3 Medium
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.
CVE-2025-41715 2026-04-15 9.8 Critical
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
CVE-2024-31684 2026-04-15 3.5 Low
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated API.
CVE-2025-14058 1 Lenovo 31 Idea Tab Pro Tb373fu, Idea Tab Tb336fu, Legion Tab Tb320fc and 28 more 2026-04-15 3.2 Low
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
CVE-2024-51362 1 Lsc Smart Connect 1 Indoor Camera Firmware 2026-04-15 6.5 Medium
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network.
CVE-2024-51720 1 Blackberry 1 Secusuite 2026-04-15 4.8 Medium
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number.
CVE-2025-30040 1 Cgm 1 Clininet 2026-04-15 N/A
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint.
CVE-2023-25493 1 Lenovo 1 Bios 2026-04-15 6.7 Medium
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.
CVE-2018-25141 1 Flir 2 Flir Ax8 Firmware, Thermal Traffic Cameras 2026-04-15 7.5 High
FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication.
CVE-2025-58083 1 General Industrial Controls 1 Lynx+ Gateway 2026-04-15 10 Critical
General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
CVE-2025-5095 1 Burk 1 Arc Solo 2026-04-15 9.8 Critical
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.
CVE-2024-10776 1 Sick 2 Inspector61x Firmware, Inspector62x Firmware 2026-04-15 8.2 High
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer.
CVE-2025-53118 1 Securden 1 Unified Pam 2026-04-15 9.8 Critical
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
CVE-2025-11672 1 Ebmtech 1 Uniweb/solipacs Webserver 2026-04-15 5.3 Medium
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
CVE-2025-27256 2026-04-15 8.3 High
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network.