CVE-2023-25570

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition...

CVE-2023-49617

The MachineSense application programmable interface API is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication...

CVE-2021-33159

Improper authentication in subsystem for IntelR AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...

CVE-2022-26833

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVE-2025-4676

CVE-2025-4676 affects ABB WebPro SNMP Card PowerValue and WebPro SNMP Card PowerValue UL up to version 1.1.8.K. Root cause is an incorrect implementation of the authentication algorithm. CVSS metrics indicate HIGH impact with adjacent attack vector, low complexity, no privileges required, user in...

CVE-1999-0383

ACC Tigris allows public access without a login...

CVE-2019-12130

In ONAP CLI through Dublin, by accessing an applicable port 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271, an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager OOM setups are affected...

PT-2026-1576

Name of the Vulnerable Software and Affected Versions HCL BigFix IVR version 4.2 Description The local setup interface component suffers from improper authentication and a lack of CSRF protection. This allows a local attacker to make unauthorized configuration changes by sending unauthenticated...

PT-2026-1288

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring centreon-awie versions 25.10.0 through 25.10.1 Centreon Infra Monitoring centreon-awie versions 24.10.0 through 24.10.2 Centreon Infra Monitoring centreon-awie versions 24.04.0 through 24.04.2 Description A missing...

Medium: containerd

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

CVE-2025-59887

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

Sim Studio 安全漏洞

Sim Studio is an AI agent workflow builder for Sim Studio open source. A security vulnerability exists in Sim Studio 0.5.27 and earlier versions, which stems from incorrect manipulation of the parameter INTERNALAPISECRET in the file apps/sim/lib/auth/internal.ts, which could lead to improper...

CVE-2025-61740

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

CVE-2025-61740

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

EUVD-2025-204712

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.9.0 and earlier versions, which stems from a vulnerability in the file...

CVE-2025-43428

CVE-2025-43428 affects Apple platforms (visionOS, iOS, iPadOS, macOS Tahoe) due to a configuration issue that allowed viewing photos in the Hidden Photos Album without authentication. The issue is fixed in visionOS 26.2, iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2. The Apple security notes enumer...