Total: 2249 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47138 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2026-04-15 | 9.8 Critical |
| The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. | ||||
| CVE-2025-5871 | | | 2026-04-15 | 5.3 Medium |
| A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48774 | | | 2026-04-15 | 7.5 High |
| An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48920 | 1 Putongoj | 1 Putongoj | 2026-04-15 | 9.1 Critical |
| PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | ||||
| CVE-2022-50980 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 6.5 Medium |
| An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN. | ||||
| CVE-2024-49399 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | ||||
| CVE-2025-3758 | | | 2026-04-15 | N/A |
| WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-51362 | 1 Lsc Smart Connect | 1 Indoor Camera Firmware | 2026-04-15 | 6.5 Medium |
| The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network. | ||||
| CVE-2023-47232 | 2 Mojofywp, Wordpress | 2 Wp Affiliate Disclosure, Wordpress | 2026-04-15 | 4.3 Medium |
| Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure. This issue affects WP Affiliate Disclosure: from n/a through 1.2.6. | ||||
| CVE-2025-30039 | 1 Cgm | 1 Clininet | 2026-04-15 | N/A |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. | ||||
| CVE-2024-13186 | | | 2026-04-15 | 7.5 High |
| The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | ||||
| CVE-2024-35293 | | | 2026-04-15 | 9.1 Critical |
| An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. | ||||
| CVE-2024-9137 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9004 and 4 more | 2026-04-15 | 9.4 Critical |
| The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | ||||
| CVE-2023-41918 | | | 2026-04-15 | 10 Critical |
| A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to execute commands without authentication, potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code. | ||||
| CVE-2024-45229 | 1 Versa | 1 Director | 2026-04-15 | N/A |
| The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. Currently, there are no workarounds in Versa Director. However, if there is a Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of the vulnerable API: /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet. We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance. | ||||
| CVE-2022-50979 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 6.5 Medium |
| An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | ||||
| CVE-2024-43798 | 1 Jpillora | 1 Chisel | 2026-04-15 | 8.6 High |
| Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is using the `AUTH` environment variable to specify credentials to authenticate against is affected by this vulnerability. Chisel is often used to provide an entrypoint to a private network, which means services that are gated by Chisel may be affected. Additionally, Chisel is often used for exposing services to the internet. An attacker could MITM requests by connecting to a Chisel server and requesting to forward traffic from a remote port. This issue has been addressed in release version 1.10.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-10649 | | | 2026-04-15 | N/A |
| wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The affected endpoints are '/v1/share/{id:str}' for uploading and '/v1/share/{id:str}' for downloading JSON files. The lack of authentication allows any user to upload and overwrite files, potentially causing the S3 bucket to run out of space, injecting malicious scripts, and accessing sensitive information. | ||||
| CVE-2022-50977 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | ||||
| CVE-2024-4332 | 1 Fortra | 1 Tripwire Enterprise | 2026-04-15 | N/A |
| An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification. | ||||