18 matches found
EUVD-2026-33261
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
CVE-2026-48692
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials (src/fastnetmon.cpp, line 477), and a source code comment explicitly acknowledges 'Listen on the given address without an...
iBoysoft NTFS for Mac Security Vulnerability
iBoysoft NTFS for Mac is a low-level file system driver developed by iBoysoft Corporation. Version 8.0.0 of iBoysoft NTFS for Mac contains a security vulnerability. This vulnerability stems from the privilege escalation in the privileged assistant daemon, ntfshelperd. The NSConnection service...
CVE-2019-7278
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service...
CVE-2025-67780
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation,...
CVE-2025-54970
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...
Apeman ID71 Access Control Error Vulnerability
The Apeman ID71 is a webcam from Apeman. The Apeman ID71 suffers from an Access Control Error vulnerability that stems from a lack of authentication in the ONVIF Service component in the file /onvif/deviceservice, which could lead to a remote attack...
EUVD-2020-4433
Malware in sbrugna...
CVE-2025-5456
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a...
CVE-2024-5861 WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpepsquaredisconnect function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect squar...
CVE-2022-37894
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...
CVE-2022-1300
Multiple versions of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service...
CVE-2020-12117
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect...
CVE-2018-13789
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers...
Design/Logic Flaw
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web...
CVE-2016-6599
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...
[Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart
Onapsis Security Advisory 2011-001: SAP Management Console Unauthenticated Service Restart. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access ...
sc.txt
Two Security Holes in Sun Cluster 2.x, echo8. Hole 1. Summary: Sun Cluster 2.x (Sun Microsystems' commercial high-availability product for Solaris) leaks potentially sensitive information to local or remote users. Specifics: In a standard Sun Cluster install, there is a service...