Lucene search
K

1857 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:48 a.m.10 views

CVE-2020-24987

Tenda AC18 Router through V15.03.05.05EN and through V15.03.05.196318 CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck function in /usr/lib/lua/ngxauthserver/ngxwdas.lua file if the administrator UI Interface is set to "radius"...

9.8CVSS8.1AI score0.03104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.8 views

CVE-2024-34092

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 6.14.0.3 is also a fixed release...

8.8CVSS7AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.10 views

CVE-2024-41587

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6...

5.4CVSS6.7AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.14 views

CVE-2023-29056

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined...

5.9CVSS6.9AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.26 views

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...

4.3CVSS6.5AI score0.00908EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.4 views

CVE-2023-31189

Improper authentication in some IntelR Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access...

5.2CVSS7.3AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.13 views

CVE-2022-42473

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password...

5.5CVSS6.7AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.8 views

CVE-2022-31026

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...

7.5CVSS6.8AI score0.01EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.8 views

CVE-2022-26421

Uncontrolled search path element in the IntelR oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.3CVSS7.1AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.7 views

CVE-2020-12874

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server...

9.8CVSS7.4AI score0.00903EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.10 views

CVE-2023-25570

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

7.5CVSS7.2AI score0.00823EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.12 views

CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition...

7.5CVSS6.9AI score0.00567EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.11 views

CVE-2023-49617

The MachineSense application programmable interface API is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication...

10CVSS6.7AI score0.00798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.11 views

CVE-2021-33159

Improper authentication in subsystem for IntelR AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access...

7.4CVSS7.2AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.10 views

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...

8.8CVSS7.6AI score0.01095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.15 views

CVE-2022-26833

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS6.9AI score0.37606EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.17 views

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

8.3CVSS8AI score0.01021EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 5:2 p.m.17 views

CVE-2025-4676

CVE-2025-4676 affects ABB WebPro SNMP Card PowerValue and WebPro SNMP Card PowerValue UL up to version 1.1.8.K. Root cause is an incorrect implementation of the authentication algorithm. CVSS metrics indicate HIGH impact with adjacent attack vector, low complexity, no privileges required, user in...

8.8CVSS6.6AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.7 views

CVE-1999-0383

ACC Tigris allows public access without a login...

7.5CVSS6.8AI score0.01141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.5 views

CVE-2019-12130

In ONAP CLI through Dublin, by accessing an applicable port 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271, an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager OOM setups are affected...

10CVSS7AI score0.01655EPSS
Exploits0References1
Rows per page
Query Builder