82 matches found
PT-2025-38311
Name of the Vulnerable Software and Affected Versions Ericsson Catalog Manager and Ericsson Order Care APIs affected versions not specified Description Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default, leading to an information disclosure issue...
Ericsson Catalog Manager和Ericsson Order Care 安全漏洞
Ericsson Catalog Manager and Ericsson Order Care are both products of Ericsson, a Swedish company.Ericsson Catalog Manager is a service management platform.Ericsson Order Care is an order management system. A security vulnerability exists in Ericsson Catalog Manager and Ericsson Order Care that...
CVE-2025-24322
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...
CVE-2025-24322
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...
CVE-2025-24322
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...
CVE-2025-24322
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...
CVE-2025-24322
CVE-2025-24322 affects Tenda AC6 V5.0 V02.03.01.110 where the Initial Setup Authentication has an unsafe default configuration. A specially crafted network request can lead to arbitrary code execution, and an attacker can trigger this by browsing to the device. Connected sources (Talos blog, Red ...
CVE-2025-24322
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...
PT-2025-34044 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version V02.03.01.110 Description: An unsafe default authentication issue exists in the Initial Setup Authentication functionality. A specially crafted network request can lead to arbitrary code execution. An attacker can access the...
Tenda AC6 V5.0 missing initial setup authentication vulnerability
Talos Vulnerability Report TALOS-2025-2163 Tenda AC6 V5.0 missing initial setup authentication vulnerability August 20, 2025 CVE Number CVE-2025-24322 SUMMARY An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A...
CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...
CVE-2025-8943
Flowise CVE-2025-8943 affects Flowise versions before 3.0.1. The vulnerability resides in the Custom MCPs feature, specifically the /api/v1/node-load-method/customMCP endpoint, where insufficient authentication/authorization allows unauthenticated network attackers to execute OS commands unsandbo...
CVE-2025-8284
By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions...
Pilz IndustrialPI 访问控制错误漏洞
Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. An access control error vulnerability exists in Pilz IndustrialPI that stems from the default unconfigured NodeRED server authentication leading to command execution...
CVE-2024-31813
TOTOLINK EX200 V4.0.3c.7646B20201211 does not contain an authentication mechanism by default...
The vulnerability of registrars (self-checking devices) GX10, GX20, GP10, GP20, DX1000, DX2000, DX1000N, FX1000, DX1000T, DX2000T, CX1000, CX2000, R10000, and R20000, data collection systems, and data collection devices MW100 manufactured by Yokogawa lies in the possibility of initializing the authentication function with a default unsafe value, allowing unauthorized access to the device by intruders.
The vulnerability of the GX10, GX20, GP10, GP20, DX1000, DX2000, DX1000N, FX1000, DX1000T, DX2000T, CX1000, CX2000, R10000, and R20000 registrators, as well as the GM data collection systems and MW100 data collection devices manufactured by Yokogawa, is related to the possibility of initializing...
Yokogawa Electric 安全漏洞
Yokogawa Electric is a server owned by Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric that stems from a disabled default authentication setting, which could lead to the unauthorized manipulation of critical data...
SUSE CVE-2025-0896
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
SUSE CVE-2024-12582
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...