CVE-2019-20532
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019)...
CVE-2019-15819
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for ndrstimportsettingsphpfunction authentication...
CVE-2018-21062
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018)...
PT-2025-22560 · Wso2 · Wso2 Identity Server
Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server version 7.0.0. Description: An improper authentication issue exists due to an implementation flaw, allowing app-native authentication to be bypassed when an invalid object is passed. This could enable malicious actors to...
CVE-2002-1849
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...
CVE-2005-2916
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi...
CVE-1999-0291
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication...
CVE-2024-12561 Affiliate Sales in Google Analytics and other tools <= 2.0.0 - Open Redirect
The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated...
PT-2025-22331 · Echarge Hardy Barth · Cph2 / Cpp2 Charging Stations
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a lack of authentication for the web interface or the MQTT server. This allows an attacker with network access to gain administrative access, perform arbitrary...
CVE-2025-44898
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the webaaaloginAuthlistEdit function...
PT-2025-30037 · Ао'Сбк' · Communigate Pro
A vulnerability in the CommuniGate Pro mail server is related to missing authentication for a critical function. Exploitation of the vulnerability may allow a remote attacker to send emails with arbitrary content to any email address...
CVE-2025-31185
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication...
CVE-2025-31185
CVE-2025-31185 affects iOS and iPadOS prior to 18.3, where a logic issue allowed viewing photos in the Hidden Photos Album without authentication. The issue is resolved in iOS 18.3 and iPadOS 18.3 via improved checks. Affected software is Apple’s mobile OS family; root cause is a logic flaw in ac...
CVE-2025-2306
An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication if the URL is known. The attack requires the attacker to know the document's UUIDv4...
CVE-2025-32738
Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings...
CVE-2025-3812 WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcldopenaideletetrainingfile function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2024-9879 Website File Changes < 2.1.1 - Authenticated SQL Injection
The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
PT-2025-21272 · I O Data · I-O Data Hdl-T Series
Name of the Vulnerable Software and Affected Versions: I-O DATA HDL-T Series versions 1.21 and earlier. Description: The issue is related to a lack of authentication for critical functions in the firmware. This could allow a remote unauthenticated attacker to modify the product's configuration...