Lucene search
K

325 matches found

RedhatCVE
RedhatCVE
added 2025/04/17 11:17 p.m.14 views

CVE-2025-31360

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...

6.9CVSS7.1AI score0.00481EPSS
Exploits0References3
OSV
OSV
added 2025/04/15 10:15 p.m.7 views

CVE-2025-31654

An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...

6.9CVSS5.9AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 10:15 p.m.4 views

CVE-2025-31147

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users...

6.9CVSS5.9AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 10:15 p.m.3 views

CVE-2025-31360

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...

7.5CVSS5.9AI score0.00481EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 10:15 p.m.32 views

CVE-2025-31360

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...

7.5CVSS0.00481EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 10:15 p.m.6 views

CVE-2025-27561

Unauthenticated attackers can rename "rooms" of arbitrary users...

6.9CVSS5.9AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 10:15 p.m.2 views

CVE-2025-26857

Unauthenticated attackers can rename arbitrary devices of arbitrary users i.e., EV chargers...

5.3CVSS5.9AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.7 views

PT-2025-16530

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows unauthenticated attackers to rename "rooms" of arbitrary users. This can potentially lead to unauthorized modifications of user settings or data. Recommendations At the moment...

6.9CVSS6.6AI score0.0026EPSS
Exploits0References5
OSV
OSV
added 2025/03/14 12:15 p.m.5 views

CVE-2024-13771

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...

5.9CVSS5.9AI score0.00409EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/14 2:44 p.m.8 views

CVE-2025-26342

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...

9.8CVSS7.3AI score0.01073EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.13 views

CVE-2025-26342

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...

9.8CVSS0.01073EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 1:27 p.m.6 views

CVE-2025-26342

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...

9.8CVSS9.6AI score0.01073EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 1:27 p.m.14 views

CVE-2025-26342

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...

9.8CVSS0.01073EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.6 views

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/accounts/routes.lua. An...

9.8CVSS6.8AI score0.01073EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/21 4:22 a.m.12 views

CVE-2024-11349 AdForest <= 5.1.6 - Authentication Bypass

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...

9.8CVSS7.5AI score0.01205EPSS
Exploits0References2
CVE
CVE
added 2024/12/21 4:22 a.m.83 views

CVE-2024-11349

The CVE-2024-11349 entry concerns the AdForest WordPress theme (≤5.1.6). The vulnerability is an authentication bypass caused by the plugin not properly verifying a user's identity before authenticating via sb_login_user_with_otp_fun(). As a result, unauthenticated attackers can log in as arbitra...

9.8CVSS9.6AI score0.01205EPSS
In wildExploits0References2Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2024/12/18 12:0 a.m.26 views

NUUO NVRmini2 Devices Missing Authentication Vulnerability

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

10CVSS9.7AI score0.49431EPSS
In wildExploits1
CVE
CVE
added 2024/11/28 9:7 a.m.63 views

CVE-2024-52283

CVE-2024-52283 is described in public sources as a stored XSS vulnerability caused by missing input sanitization. The available connected documents indicate the vulnerability can be triggered when viewing a specific project, with a CVSS 3.1 base score of 5.7 (Medium) and an influence pattern of N...

5.7CVSS6AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2024/11/19 8:15 a.m.18 views

CVE-2024-11069

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPressGDPRDataDelete::checkaction' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users...

9.1CVSS0.00427EPSS
Exploits0References2
CVE
CVE
added 2024/11/19 7:35 a.m.54 views

CVE-2024-11069

CVE-2024-11069 : WordPress GDPR plugin for WordPress allows unauthenticated deletion of arbitrary users due to a missing capability check in WordPress_GDPR_Data_Delete::check_action, affecting versions up to 2.0.2. Connected sources confirm the issue and indicate a patch/update path; Red Hat and ...

9.1CVSS6.3AI score0.00427EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder