Total: 1763 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9214 | 1 Lenovo | 1 Printer | 2025-09-15 | 5.4 Medium | 
| A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service. | ||||
| CVE-2025-10267 | 1 Newtype Infortech | 1 Nup Portal | 2025-09-15 | 5.3 Medium | 
| NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side. | ||||
| CVE-2025-8627 | 1 Tp-link | 3 Kp303, Kp303 Firmware, Smart Plug | 2025-09-15 | 8.8 High | 
| The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause an unintended power-off condition and a potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0. | ||||
| CVE-2025-55581 | 2 D-link, Dlink | 3 Dcs-825l, Dcs-825l, Dcs-825l Firmware | 2025-09-12 | 7.3 High | 
| D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic. | ||||
| CVE-2025-7635 | 1 Calix | 1 Gigacenter Ont | 2025-09-12 | N/A | 
| Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | ||||
| CVE-2025-36756 | 1 Solax | 1 Solax Cloud | 2025-09-12 | N/A | 
| A problem with missing authorization on the SolaX Cloud platform allows taking over any SolaX solar panel inverter of which the serial number is known. | ||||
| CVE-2025-36757 | 1 Solax | 1 Solax Cloud | 2025-09-12 | N/A | 
| It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system. | ||||
| CVE-2025-6678 | 1 Autel | 18 Maxicharger Ac Elite Business C50, Maxicharger Ac Elite Business C50 Firmware, Maxicharger Ac Pro and 15 more | 2025-09-10 | N/A | 
| Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Pile API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26352. | ||||
| CVE-2025-9994 | | | 2025-09-10 | 9.8 Critical |
| The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access. | ||||
| CVE-2025-9160 | 1 Rockwellautomation | 2 Compactlogix, Compactlogix 5480 | 2025-09-09 | N/A | 
| A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution. | ||||
| CVE-2023-7308 | 1 Nsfocusglobal | 2 Secgate3600, Secgate3600 Firmware | 2025-09-09 | 7.5 High | 
| SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC. | ||||
| CVE-2025-55583 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2025-09-09 | 9.8 Critical | 
| D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests. | ||||
| CVE-2025-7045 | 1 Wordpress | 1 Wordpress | 2025-09-08 | 6.5 Medium | 
| The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service. | ||||
| CVE-2014-9197 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2025-09-05 | N/A | 
| The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | ||||
| CVE-2014-9195 | 1 Phoenixcontact-software | 2 Multiprog, Proconos Eclr | 2025-09-05 | N/A | 
| Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. | ||||
| CVE-2025-21623 | 1 Oxygenz | 1 Clipbucket | 2025-09-05 | 7.5 High | 
| ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | ||||
| CVE-2025-7031 | 2 Config Pages Viewer Project, Drupal | 2 Config Pages Viewer, Drupal | 2025-09-04 | 5.3 Medium | 
| Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4. | ||||
| CVE-2025-9815 | 2 Alaneuler, Apple | 2 Batterykid, Macos | 2025-09-04 | 7.8 High | 
| A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-7679 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-09-04 | 8.1 High | 
| The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT. | ||||
| CVE-2025-5310 | | | 2025-09-04 | 9.8 Critical |
| Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution. | ||||