Export limit exceeded: 362524 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49652 2026-04-15 9.8 Critical
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
CVE-2025-30039 1 Cgm 1 Clininet 2026-04-15 N/A
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges.
CVE-2025-5095 1 Burk 1 Arc Solo 2026-04-15 9.8 Critical
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.
CVE-2024-33622 2026-04-15 6.5 Medium
Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.
CVE-2024-55585 2026-04-15 N/A
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
CVE-2024-41969 2026-04-15 8.8 High
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
CVE-2024-45355 2026-04-15 5.5 Medium
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
CVE-2024-45483 2026-04-15 N/A
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system.
CVE-2025-55108 1 Bmc 1 Control-m/agent 2026-04-15 10 Critical
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE:  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS
CVE-2024-50381 1 Snapone 1 Ovrc-300-pro 2026-04-15 N/A
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it.
CVE-2025-23293 1 Nvidia 1 License System 2026-04-15 8.7 High
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2024-48768 1 Almando 1 Almando Control Firmware 2026-04-15 7.5 High
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process
CVE-2024-48771 1 Almando 1 Almando Play Firmware 2026-04-15 7.5 High
An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process
CVE-2024-48773 1 Wo-smart 1 Morepro Firmware 2026-04-15 7.5 High
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process
CVE-2024-48774 2026-04-15 7.5 High
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process.
CVE-2024-48775 1 Starvedia 1 Ezset Firmware 2026-04-15 7.5 High
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48776 1 Shelly 1 Home Firmware 2026-04-15 7.5 High
An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process
CVE-2024-48777 1 Ledvance 1 Smartplus Firmware 2026-04-15 7.5 High
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-52285 1 Siemens 2 Sipass Integrated Ac5102 (acc-g2), Sipass Integrated Acc-ap 2026-04-15 5.3 Medium
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.
CVE-2024-57725 2026-04-15 6.5 Medium
An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.