ReportizFlow
Filtered by vendor
Subscriptions
Total
2249 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4857 | 2026-04-15 | 7.5 High | ||
| An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information. | ||||
| CVE-2024-4332 | 1 Fortra | 1 Tripwire Enterprise | 2026-04-15 | N/A |
| An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification. | ||||
| CVE-2024-23815 | 1 Siemens | 1 Desigo Cc | 2026-04-15 | 7.5 High |
| A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp) | ||||
| CVE-2024-1491 | 2026-04-15 | 7.5 High | ||
| The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. | ||||
| CVE-2025-41656 | 1 Nodered | 1 Node-red | 2026-04-15 | 10 Critical |
| An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default. | ||||
| CVE-2025-34112 | 2026-04-15 | N/A | ||
| An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance. | ||||
| CVE-2024-22513 | 2026-04-15 | 5.5 Medium | ||
| djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. | ||||
| CVE-2024-49399 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | ||||
| CVE-2024-21824 | 2026-04-15 | 5.3 Medium | ||
| Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2025-23356 | 1 Nvidia | 1 Isaac Lab | 2026-04-15 | 8.4 High |
| NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2025-8025 | 1 Dinosoft Business Solutions | 1 Dinosoft Erp | 2026-04-15 | 9.8 Critical |
| Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2104 | 1 Jbl | 2 Live Pro 2 Tws, Tune Flex | 2026-04-15 | 8.8 High |
| Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable. | ||||
| CVE-2024-33616 | 2026-04-15 | 5.3 Medium | ||
| Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2025-36757 | 1 Solax | 1 Solax Cloud | 2026-04-15 | N/A |
| It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system. | ||||
| CVE-2025-52551 | 2026-04-15 | N/A | ||
| E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. | ||||
| CVE-2025-65007 | 2026-04-15 | N/A | ||
| In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2025-6260 | 2026-04-15 | 9.8 Critical | ||
| The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface. | ||||
| CVE-2024-48768 | 1 Almando | 1 Almando Control Firmware | 2026-04-15 | 7.5 High |
| An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2024-41969 | 2026-04-15 | 8.8 High | ||
| A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | ||||
| CVE-2025-5872 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||