70 matches found
CVE-2025-69970
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
CVE-2025-69970
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
Vulnerabilities fixed in Mattermost
Mattermost has fixed vulnerabilities in versions 11.0.x through 11.0.3, 10.12.x through 10.12.1, 10.11.x through 10.11.4 and 10.5.x through 10.5.12. The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process...
EUVD-2018-2702
Malware in sbrugna...
EUVD-2019-7945
Malware in sbrugna...
EUVD-2025-11854
Malicious code in bioql PyPI...
EUVD-2025-27765
Malicious code in bioql PyPI...
CVE-2024-25011 Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability
Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue...
CVE-2025-34089
Remote for Mac (Aexol Studio) is affected by an unauthenticated RCE in versions up to 2025.7 when authentication is disabled. The /api/executeScript endpoint is exposed without access control, allowing an unauthenticated attacker to inject AppleScript payloads via the X-Script header and trigger ...
CVE-2019-17633
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...
CVE-2025-1863
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related ...
CVE-2025-1863
CVE-2025-1863 affects Yokogawa recorder products with insecure default authentication settings. The default authentication is disabled, enabling network-accessible access to all settings/operations and allowing manipulation of measured values and configurations. Affected products and versions inc...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from an administrator authentication process that can be bypassed to access multifunction device system information and web pages for...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers MFPs from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from the fact that if user authentication is disabled, a malicious file can be executed by enabling the service from the MFP's web...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from a directory traversal vulnerability that could overwrite or place new files on the multifunction device if the multifunction device...
GHSA-QWHW-HH9J-54F5 Ant Media Server vulnerable to a local privilege escalation
Impact We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensio...
CVE-2023-40151
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
CVE-2023-3453
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition...
PT-2023-24911 · Etic Telecom · Etic Telecom Ras
Name of the Vulnerable Software and Affected Versions: ETIC Telecom RAS versions 4.7.0 and prior Description: The web management portal authentication is disabled by default in the affected versions. This could allow an attacker with adjacent network access to alter the configuration of the devic...
Remote Code Execution (RCE)
Apache Spark 'master' host is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of user request to the authentication-disabled 'master' host allowing an attacker to execute code via a maliciously crafted request...