EUVD-2025-14982

Malicious code in bioql PyPI...

EUVD-2022-27108

Malicious code in bioql PyPI...

EUVD-2024-34037

Malicious code in bioql PyPI...

EUVD-2024-28312

Malicious code in bioql PyPI...

EUVD-2025-12563

Malicious code in bioql PyPI...

CVE-2025-59403

The Flock Safety Android Collins application aka com.flocksafety.android.collins 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include b...

CVE-2025-11130

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit h...

CVE-2025-11130 iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit h...

CVE-2025-41716

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function...

CVE-2025-10906

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can...

CVE-2025-10906 Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can...

CVE-2025-41716

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function...

CVE-2025-41716

CVE-2025-41716 describes an unauthenticated information disclosure where a remote attacker can enumerate existing user accounts and their roles due to missing authentication for a critical function. Connected sources reference WAGO Device Sphere and WAGO Solution Builder as affected, describing a...

CVE-2025-41716 Unauthenticated User Enumeration via Missing Authentication

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function...

CVE-2025-41716 Unauthenticated User Enumeration via Missing Authentication

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function...

CVE-2025-41715 Missing Authentication for Database Access in Web Application

The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it...

CVE-2025-41715 Missing Authentication for Database Access in Web Application

The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 - Pre-Auth RCE in Erlang/OTP SSH Server -...

CVE-2025-10772

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwiremote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...

CVE-2025-9983 Lack of Authentication for RTSP stream

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...