CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

279 matches found

RedhatCVE•added 2025/05/22 5:41 p.m.•2 views

CVE-2020-1789

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21SP3 have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the...

6.8CVSS7.1AI score0.00061EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:27 p.m.•9 views

CVE-2020-1840

HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175C00E70R3P8 have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the...

6CVSS6.9AI score0.00053EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:5 p.m.•4 views

CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...

3.3CVSS6.7AI score0.00046EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:32 a.m.•3 views

CVE-2019-5213

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321C00E320R1P1T8 have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of...

2.4CVSS7AI score0.00051EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:22 a.m.•5 views

CVE-2019-18235

Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack...

9.8CVSS7.5AI score0.00385EPSS

Exploits0References1

Veracode•added 2025/05/22 7:34 a.m.•6 views

Session Hijacking

typo3/cms is vulnerable to Session Hijacking. The vulnerability is due to insufficient authentication mechanisms where the backend user management interface allowing password changes without requiring the current password, finally allows an attacker with access to an admin session to change...

3.8CVSS7AI score0.00158EPSS

Exploits0References5Affected Software2

RedhatCVE•added 2025/05/22 5:11 a.m.•3 views

CVE-2019-5218

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band...

8.8CVSS7AI score0.00102EPSS

Exploits0References1

CNNVD•added 2025/05/09 12:0 a.m.•1 views

ASUS DriverHub 安全漏洞

ASUS DriverHub is an official ASUS driver management tool from Asus China that supports automatic detection and installation of device drivers. A security vulnerability exists in ASUS DriverHub, which stems from insufficient authentication and could lead to unauthorized interactions...

8.4CVSS9.4AI score0.00344EPSS

Exploits0References3

CNNVD•added 2025/05/09 12:0 a.m.•1 views

ASUS DriverHub 安全漏洞

9.4CVSS9.5AI score0.0048EPSS

Exploits0References3

Cvelist•added 2025/03/20 10:11 a.m.•6 views

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...

7.6CVSS0.00082EPSS

Exploits1References1

Vulnrichment•added 2025/03/20 10:11 a.m.•6 views

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

7.6CVSS7.5AI score0.00082EPSS

Exploits1References1

CVE•added 2025/03/20 10:11 a.m.•39 views

CVE-2024-10956

CVE-2024-10956 affects GPT Academy version 3.83 in the binary-husky/gpt_academic repository. The vulnerability is a Cross-Site WebSocket Hijacking (CSWSH) issue caused by insufficient WebSocket authentication and lack of origin validation, allowing an attacker to hijack an existing WebSocket conn...

7.6CVSS7.5AI score0.00082EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2025/03/20 12:0 a.m.•2 views

PT-2025-12086 · Unknown · Gpt Academy

Name of the Vulnerable Software and Affected Versions: GPT Academy version 3.83 Description: GPT Academy version 3.83 is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server...

7.6CVSS7.3AI score0.00082EPSS

Exploits1References7

RedhatCVE•added 2025/02/06 3:43 a.m.•7 views

CVE-2021-26620

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

7.5CVSS7.1AI score0.0061EPSS

Exploits0References1

RedhatCVE•added 2025/02/06 3:36 a.m.•4 views

CVE-2021-26627

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image...

7.5CVSS7.1AI score0.0061EPSS

Exploits0References1

RedhatCVE•added 2025/02/04 10:29 p.m.•7 views

CVE-2024-8956

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can...

9.1CVSS9.8AI score0.83611EPSS

Exploits1References1