Lucene search
K

1858 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:1 p.m.7 views

CVE-2018-19411

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account including administrator via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights...

8.8CVSS6.8AI score0.0087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.7 views

CVE-2009-4232

The Kide Shoutbox comkide component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely...

5CVSS7AI score0.01009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31337

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products SINAMICS SL15...

9.8CVSS7.2AI score0.01678EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.7 views

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

9.1CVSS7AI score0.21388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.9 views

CVE-2021-22784

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system...

5.7CVSS6.9AI score0.12083EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:15 a.m.9 views

CVE-2021-0193

Improper authentication in the IntelR In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access...

7.2CVSS7.4AI score0.00933EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.9 views

CVE-2021-0151

Improper access control in the installer for some IntelR Wireless BluetoothR and KillerTM BluetoothR products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.2AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.6 views

CVE-2021-0096

Improper authentication in the software installer for the IntelR NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.4AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.5 views

CVE-2022-38368

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands...

8.8CVSS6.9AI score0.00666EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.11 views

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.1CVSS6.8AI score0.79007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.7 views

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

9.8CVSS7.2AI score0.00901EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0384

The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog...

4.3CVSS6.5AI score0.0099EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.5 views

CVE-2022-26724

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication...

5.5CVSS6AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file which can be created via an rsync backdoor causes all API calls to execute as admin without authentication...

9.8CVSS7.1AI score0.01729EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.15 views

CVE-2019-18246

BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure...

4.3CVSS7.3AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.8 views

CVE-2019-20461

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol...

9.8CVSS7.3AI score0.00861EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.10 views

CVE-2019-20595

An issue was discovered on Samsung mobile devices with P9.0 software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 July 2019...

2.4CVSS7.1AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.4 views

CVE-2019-20565

An issue was discovered on Samsung mobile devices with O8.x and P9.0 software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 September 2019...

7.5CVSS7.1AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.6 views

CVE-2020-7244

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. In some cases, authentication can be achieved with the comtech password for the...

9CVSS8.1AI score0.04244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.6 views

CVE-2020-23058

An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data...

4.6CVSS7.1AI score0.00411EPSS
Exploits1References1
Rows per page
Query Builder