ReportizFlow
Filtered by vendor
Subscriptions
Total
4435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2388 | 2026-04-15 | 7.3 High | ||
| A vulnerability was found in Keytop 路内停车收费系统 2.7.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saas/commonApi/park/getParks of the component API. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-56447 | 1 Tm2 | 1 Monitoring | 2026-04-15 | 9.8 Critical |
| TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. | ||||
| CVE-2025-22146 | 1 Getsentry | 1 Sentry | 2026-04-15 | 9.1 Critical |
| Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-15097 | 1 Alteryx | 1 Alteryx Server | 2026-04-15 | 7.3 High |
| A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended. | ||||
| CVE-2025-0070 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2026-04-15 | 9.9 Critical |
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability. | ||||
| CVE-2025-10672 | 1 Whuan132 | 1 Aibattery | 2026-04-15 | 7.8 High |
| A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. The exploit has been made public and could be used. | ||||
| CVE-2025-32875 | 2026-04-15 | 5.7 Medium | ||
| An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack. | ||||
| CVE-2024-4129 | 2026-04-15 | 8.8 High | ||
| Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled.This issue affects Snow License Manager: from 9.33.2 through 9.34.0. | ||||
| CVE-2024-11293 | 1 Genetechsolutions | 1 Pie Register | 2026-04-15 | 8.1 High |
| The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2025-12998 | 1 Typo3 | 1 Typo3 | 2026-04-15 | N/A |
| Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5. | ||||
| CVE-2020-36832 | 1 Wpindeed | 1 Ultimate Membership Pro | 2026-04-15 | 9.8 Critical |
| The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID. | ||||
| CVE-2024-41798 | 1 Siemens | 1 Sentron Pac3200 | 2026-04-15 | 9.8 Critical |
| A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication. | ||||
| CVE-2025-10772 | 1 Huggingface | 1 Lerobot | 2026-04-15 | 6.3 Medium |
| A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can only be initiated within the local network. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-41064 | 1 Gtt | 1 Opensiac | 2026-04-15 | N/A |
| Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method. | ||||
| CVE-2025-9265 | 1 Kiloview | 1 Ndi N30 | 2026-04-15 | N/A |
| A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246 | ||||
| CVE-2025-15135 | 2026-04-15 | 6.3 Medium | ||
| A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 4.0.0 will fix this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-52210 | 2 Tychesoftwares, Wordpress | 2 Product Delivery Date For Woocommerce Lite, Wordpress | 2026-04-15 | 5.3 Medium |
| Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0. | ||||
| CVE-2025-13427 | 1 Google | 1 Cloud Dialogflow Cx | 2026-04-15 | N/A |
| An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this. | ||||
| CVE-2025-5870 | 2026-04-15 | 7.3 High | ||
| A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11015 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator. | ||||