Export limit exceeded: 12749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12749 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-8509 1 Redhat 1 Migration Toolkit Virtualization 2026-04-15 7.5 High
A vulnerability was found in Forklift Controller.  There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
CVE-2025-62713 1 Kottster 1 Kottster 2026-04-15 N/A
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
CVE-2024-4552 1 Phoeniixx 1 Social Login Lite For Woocommerce 2026-04-15 9.8 Critical
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
CVE-2025-9994 2026-04-15 9.8 Critical
The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access.
CVE-2025-45095 1 Lavasoft 2 Adaware, Web Companion 2026-04-15 7.3 High
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path.
CVE-2025-4687 2026-04-15 N/A
In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.
CVE-2025-25730 2026-04-15 4.6 Medium
An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself.
CVE-2025-22844 2026-04-15 4.3 Medium
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2025-22230 2026-04-15 7.8 High
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
CVE-2025-24323 1 Intel 1 Pcie Switch Software 2026-04-15 6.5 Medium
Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-37742 1 Ethz 1 Safe Exam Browser 2026-04-15 8.2 High
Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams.
CVE-2025-34143 2026-04-15 N/A
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
CVE-2025-52395 2026-04-15 9.8 Critical
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly
CVE-2022-32507 1 Nuki 1 Smart Lock 2026-04-15 8.8 High
An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.
CVE-2022-33862 1 Eaton 1 Intelligent Power Protector 2026-04-15 6.7 Medium
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
CVE-2025-44525 2026-04-15 6.5 Medium
Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.
CVE-2025-57266 1 Thrivex 1 Blog 2026-04-15 9.8 Critical
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
CVE-2022-29946 1 Nats 1 Nats Server 2026-04-15 6.3 Medium
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
CVE-2025-57428 1 Each Italy 1 Wireless Mini Router 2026-04-15 6.5 Medium
Default credentials in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute hardware-level flash and register manipulation commands.
CVE-2025-32470 2026-04-15 7.5 High
A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.