Total
1628 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21535 | 1 Oracle | 1 Weblogic Server | 2025-06-23 | 9.8 Critical |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2023-51947 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | 9.1 Critical |
| Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | ||||
| CVE-2023-51987 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2025-06-20 | 9.8 Critical |
| D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | ||||
| CVE-2025-26468 | 1 Cyberdata | 1 011209 Sip Emergency Intercom | 2025-06-20 | 7.5 High |
| CyberData 011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption. | ||||
| CVE-2024-23618 | 1 Commscope | 2 Arris Surfboard Sbg6950ac2, Arris Surfboard Sbg6950ac2 Firmware | 2025-06-17 | 9.6 Critical |
| An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | ||||
| CVE-2024-21619 | 1 Juniper | 105 Ex2200, Ex2200-c, Ex2200-vc and 102 more | 2025-06-17 | 5.3 Medium |
| A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | ||||
| CVE-2023-5716 | 1 Asus | 1 Armoury Crate | 2025-06-17 | 9.8 Critical |
| ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. | ||||
| CVE-2023-5253 | 1 Nozominetworks | 2 Cmc, Guardian | 2025-06-17 | 5.3 Medium |
| A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information. | ||||
| CVE-2023-39457 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501. | ||||
| CVE-2023-39466 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797. | ||||
| CVE-2024-3701 | 1 Tecno | 1 Hios | 2025-06-17 | 9.8 Critical |
| The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | ||||
| CVE-2024-46506 | 1 Netalertx | 1 Netalertx | 2025-06-17 | 10 Critical |
| NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. | ||||
| CVE-2024-1076 | 1 Sslzen | 1 Ssl Zen | 2025-06-17 | 6.5 Medium |
| The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX. | ||||
| CVE-2024-13772 | 1 Uxper | 1 Civi | 2025-06-17 | 5.6 Medium |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax_login_or_register and google_ajax_login_or_register actions. This makes it possible for unauthenticated attackers to login as any user as long as they have access to the email. | ||||
| CVE-2024-22449 | 1 Dell | 1 Powerscale Onefs | 2025-06-17 | 6.6 Medium |
| Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | ||||
| CVE-2025-0456 | 1 Netvision | 1 Airpass | 2025-06-17 | 9.8 Critical |
| The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords. | ||||
| CVE-2023-51062 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | 5.3 Medium |
| An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | ||||
| CVE-2025-0129 | 2025-06-13 | N/A | ||
| An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. | ||||
| CVE-2025-5906 | 1 Code-projects | 1 Laundry System | 2025-06-13 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-55585 | 2025-06-13 | N/A | ||
| In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword. | ||||