Total
1450 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-12757 | | | 2025-01-17 | N/A | 8.6 HIGH |
Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | |||||
CVE-2024-9137 | | | 2025-01-17 | N/A | 9.4 CRITICAL |
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | |||||
CVE-2023-33247 | 1 Talend | 1 Data Catalog | 2025-01-16 | N/A | 7.5 HIGH |
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) | |||||
CVE-2023-31594 | 1 Ic | 2 Realtime Icip-p2012t, Realtime Icip-p2012t Firmware | 2025-01-16 | N/A | 7.5 HIGH |
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | |||||
CVE-2025-0456 | | | 2025-01-16 | N/A | 9.8 CRITICAL |
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords. | |||||
CVE-2023-31227 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. | |||||
CVE-2023-0116 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2024-3661 | 9 Apple, Cisco, Citrix and 6 more | 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more | 2025-01-15 | N/A | 7.6 HIGH |
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | |||||
CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A | 7.4 HIGH |
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | |||||
CVE-2024-39773 | | | 2025-01-14 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2024-39608 | | | 2025-01-14 | N/A | 10.0 CRITICAL |
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. | |||||
CVE-2024-39273 | | | 2025-01-14 | N/A | 9.0 CRITICAL |
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
CVE-2022-36249 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.4 MEDIUM |
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the APIs instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level." | |||||
CVE-2024-26235 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-08 | N/A | 7.8 HIGH |
Windows Update Stack Elevation of Privilege Vulnerability | |||||
CVE-2024-13185 | | | 2025-01-08 | N/A | 7.5 HIGH |
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
CVE-2024-13173 | | | 2025-01-08 | N/A | 7.5 HIGH |
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
CVE-2024-13186 | | | 2025-01-08 | N/A | 7.5 HIGH |
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | |||||
CVE-2025-21623 | | | 2025-01-07 | N/A | 7.5 HIGH |
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | |||||
CVE-2024-54984 | | | 2025-01-07 | N/A | 9.8 CRITICAL |
An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier. | |||||
CVE-2023-33553 | 1 Planet | 2 Wdrt-1800ax, Wdrt-1800ax Firmware | 2025-01-07 | N/A | 9.8 CRITICAL |
An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. |