25 matches found

CISA KEV Catalog
added 2026/04/20 12:0 a.m. | 6 views

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance SMA contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials...

CVSS 10 | AI score 6 | EPSS 0.39315
In wild | Exploits 0

Positive Technologies
added 2026/03/11 12:0 a.m. | 1 view

PT-2026-24573

Name of the Vulnerable Software and Affected Versions: MiCode FileExplorer (affected versions not specified). Description: The software contains an authentication bypass in the embedded SwiFTP FTP server component. This allows network attackers to log in without valid credentials by sending arbitrary...

CVSS 9.8 | AI score 5.9 | EPSS 0.0018
Exploits 0 | References 11

NVD
added 2026/01/06 5:15 p.m. | 1 view

CVE-2025-60534

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials...

CVSS 9.8 | EPSS 0.00086
Exploits 0 | References 2

Positive Technologies
added 2025/12/24 12:0 a.m. | 2 views

PT-2025-53359

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

CVSS 8.7 | AI score 7.1 | EPSS 0.00192
Exploits 2 | References 4

RedhatCVE
added 2025/12/11 11:56 a.m. | 2 views

CVE-2025-13953

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

CVSS 9.3 | AI score 6.6 | EPSS 0.00079
Exploits 0 | References 1

Cvelist
added 2025/12/02 1:22 p.m. | 4 views

CVE-2025-41086 Authorization bypass in GAMS from GAMS Development Corp.

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

CVSS 6.9 | EPSS 0.00036
Exploits 0 | References 2

Cvelist
added 2025/11/12 12:0 a.m. | 3 views

CVE-2025-64281

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials...

EPSS 0.00099
Exploits 0 | References 2

Cvelist
added 2025/11/03 8:28 a.m. | 3 views

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, latest version of Eaton BLSS 7.3.0.SCP004...

CVSS 7.1 | EPSS 0.00043
Exploits 0 | References 1

CVE
added 2025/09/11 7:44 p.m. | 36 views

CVE-2025-10127

CVE-2025-10127 affects Daikin Europe N.V Security Gateway. The vulnerability is an authorization bypass caused by a user-controlled key, allowing an unauthenticated attacker to access the system. Documented across multiple vendors and advisories (e.g., Red Hat, NVD, CISA ICS), with high severity ...

CVSS 9.8 | AI score 6.4 | EPSS 0.00094
Exploits 1 | References 2

Vulnrichment
added 2025/08/08 5:24 p.m. | 2 views

CVE-2025-5095 Burk Technology ARC Solo Missing Authentication for Critical Function

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforc...

CVSS 9.8 | AI score 7.1 | EPSS 0.00354
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 9:22 a.m. | 0 views

CVE-2024-37855

An issue in Nepstech Wifi Router xpon terminal NTPL-Xpon1GFEVN, hardware version 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials...

CVSS 8.4 | AI score 6.2 | EPSS 0.00999
Exploits 0 | References 1

OSV
added 2024/05/31 8:15 a.m. | 2 views

CVE-2024-5525

Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00091
Exploits 0 | References 1

CNNVD
added 2023/12/08 12:0 a.m. | 1 view

Zultys MX Series Security Vulnerability

Zultys MX Series is a series of IP phones from Zultys USA. A security vulnerability exists in Zultys MX Series, which stems from a susceptibility to authentication bypass, allowing an attacker to gain full administrative access without valid credentials...

CVSS 9.8 | AI score 9.6 | EPSS 0.0009
Exploits 0 | References 2

OSV
added 2022/11/07 4:15 a.m. | 0 views

CVE-2022-44796

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

CNNVD
added 2022/10/14 12:0 a.m. | 3 views

NSS Security Vulnerability

NSS is an underlying cryptography library from the Mozilla Foundation. The library supports a variety of cryptographic algorithms, and the Firefox browser's TLS implementation is based on this library. A security vulnerability exists in NSS that stems from a crash without a user's credentials in...

CVSS 7.5 | AI score 7.9 | EPSS 0.00198
Exploits 0 | References 7

OSV
added 2022/06/21 3:15 p.m. | 0 views

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

CVSS 6.5 | AI score 7.1 | EPSS 0.00328
Exploits 0 | References 1

OSV
added 2022/05/09 5:15 p.m. | 1 view

CVE-2022-22481

IBM Navigator for i 7.2, 7.3, and 7.4 heritage version could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks...

CVSS 5.3 | AI score 5.9
Exploits 0 | References 2

OSV
added 2021/08/11 9:15 p.m. | 1 view

CVE-2020-25563

In SapphireIMS 5.0, it is possible to create a local administrator on any client without requiring any credentials by directly accessing the RemoteMgmtTaskSave Automation Tasks feature and not having a JSESSIONID...

CVSS 9.8 | AI score 5.8 | EPSS 0.00377
Exploits 1 | References 2

CNNVD
added 2021/03/03 12:0 a.m. | 2 views

SUSE Linux Enterprise Server Authorization Issue Vulnerability

SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE Germany. An authorization issue vulnerability exists in SUSE Linux Enterprise Server, which can be exploited by an attacker to execute arbitrary code via salt without specifying valid credential...

CVSS 9.8 | AI score 8.5 | EPSS 0.00153
Exploits 0 | References 4

OSV
added 2019/12/18 6:15 p.m. | 1 view

CVE-2019-8803

An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials...

CVSS 8.4 | AI score 6 | EPSS 0.00159
Exploits 0 | References 4