Total: 1812 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9195 | 1 Phoenixcontact-software | 2 Multiprog, Proconos Eclr | 2025-09-05 | N/A |
| Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. | ||||
| CVE-2025-21623 | 1 Oxygenz | 1 Clipbucket | 2025-09-05 | 7.5 High |
| ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | ||||
| CVE-2025-7031 | 2 Config Pages Viewer Project, Drupal | 2 Config Pages Viewer, Drupal | 2025-09-04 | 5.3 Medium |
| Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4. | ||||
| CVE-2025-9815 | 2 Alaneuler, Apple | 2 Batterykid, Macos | 2025-09-04 | 7.8 High |
| A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-7679 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-09-04 | 8.1 High |
| The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT. | ||||
| CVE-2025-5310 | | | 2025-09-04 | 9.8 Critical |
| Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution. | ||||
| CVE-2012-10030 | 1 Freefloat | 2 Freefloat Ftp Server, Ftp Server | 2025-09-03 | 9.8 Critical |
| FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction. | ||||
| CVE-2025-58318 | 1 Delta Electronics | 1 Diaview | 2025-09-02 | N/A |
| Delta Electronics DIAView has an authentication bypass vulnerability. | ||||
| CVE-2025-7405 | 1 Mitsubishi Electric | 1 Melsec Iq-f Series | 2025-09-02 | 7.3 High |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not have authentication features. | ||||
| CVE-2025-52551 | | | 2025-09-02 | N/A |
| E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. | ||||
| CVE-2024-56469 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-09-01 | 6.3 Medium |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | ||||
| CVE-2024-4332 | 1 Fortra | 1 Tripwire Enterprise | 2025-08-29 | N/A |
| An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification. | ||||
| CVE-2025-8450 | 1 Fortra | 2 Filecatalyst Direct, Filecatalyst Workflow | 2025-08-29 | 8.2 High |
| Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page. | ||||
| CVE-2025-8861 | | | 2025-08-29 | 9.8 Critical |
| TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents. | ||||
| CVE-2025-30041 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs. | ||||
| CVE-2025-30048 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication. | ||||
| CVE-2025-30037 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp. | ||||
| CVE-2025-30040 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint. | ||||
| CVE-2025-30039 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. | ||||
| CVE-2025-5187 | 1 Kubernetes | 1 Kubernetes | 2025-08-29 | 6.7 Medium |
| A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. | ||||