221 matches found

Vulnrichment
added 2023/01/15 12:0 a.m. · 6 views

CVE-2023-23590

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service device restart via an unauthenticated API request. The attacker must be on the same network as the device...

AI score 7 · EPSS 0.2644
Exploits 0 · References 2
CVE
added 2023/01/15 12:0 a.m. · 298 views

CVE-2023-23590

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 is affected by a remote-denial-of-service vulnerability exploitable by unauthenticated API requests over the local network, causing device restart. The available sources consistently describe the issue as requiring network proximity (same network) an...

CVSS 7.5 · AI score 7.4 · EPSS 0.2644
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/12/26 10:15 p.m. · 23 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

CVSS 5.3 · AI score 6.9
Exploits 0 · References 1
Prion
added 2022/12/26 10:15 p.m. · 28 views

Code injection

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

CVSS 5 · AI score 5.3 · EPSS 0.01891
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2022/12/26 12:0 a.m. · 9 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

AI score 5.7 · EPSS 0.01891
Exploits 1 · References 1
OSV
added 2022/12/25 5:15 a.m. · 2 views

CVE-2022-44013

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked...

CVSS 9.1 · AI score 5.8 · EPSS 0.00931
Exploits 3 · References 1
CVE
added 2022/10/13 12:0 a.m. · 45 views

CVE-2022-35136

CVE-2022-35136 affects Boodskap IoT Platform v4.4.9-02. The issue allows attackers to make unauthenticated API requests, with the CVSS 3.1 vector indicating network access, low attack complexity, and a low privileges requirement, but high integrity impact (I:H). Public references identify /api en...

CVSS 6.5 · AI score 6.5 · EPSS 0.00778
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2022/10/13 12:0 a.m. · 4 views

CVE-2022-35136

Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...

AI score 6.5 · EPSS 0.00778
Exploits 2 · References 1
Positive Technologies
added 2022/10/13 12:0 a.m. · 2 views

PT-2022-22594 · Unknown · Boodskap Iot Platform

Name of the Vulnerable Software and Affected Versions: Boodskap IoT Platform version 4.4.9-02 Description: The issue allows attackers to make unauthenticated API requests. Recommendations: For Boodskap IoT Platform version 4.4.9-02, consider restricting access to API endpoints to prevent...

CVSS 8.8 · AI score 6.8 · EPSS 0.00778
Exploits 2 · References 3
OSV
added 2022/09/29 3:15 a.m. · 4 views

CVE-2020-15342

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluser API...

CVSS 5.3 · AI score 5.8 · EPSS 0.00562
Exploits 1 · References 2
NVD
added 2022/09/29 3:15 a.m. · 17 views

CVE-2020-15345

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetinstancesforupdate API...

CVSS 5.3 · EPSS 0.00568
Exploits 1 · References 2
OSV
added 2022/09/29 3:15 a.m. · 4 views

CVE-2020-15345

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetinstancesforupdate API...

CVSS 5.3 · AI score 5.8 · EPSS 0.00568
Exploits 1 · References 2
NVD
added 2022/09/29 3:15 a.m. · 13 views

CVE-2020-15343

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...

CVSS 5.3 · EPSS 0.0058
Exploits 1 · References 2
NVD
added 2022/09/29 3:15 a.m. · 31 views

CVE-2020-15342

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluser API...

CVSS 5.3 · EPSS 0.00562
Exploits 1 · References 2
Prion
added 2022/09/29 3:15 a.m. · 13 views

Code injection

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...

CVSS 5 · AI score 5.5 · EPSS 0.0058
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2022/07/26 11:15 p.m. · 5 views

CVE-2022-36129

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...

CVSS 9.1 · AI score 5.8 · EPSS 0.01307
Exploits 0 · References 4
Prion
added 2022/07/26 11:15 p.m. · 20 views

Denial of service

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...

CVSS 6.4 · AI score 9.1 · EPSS 0.01307
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/07/26 10:21 p.m. · 27 views

CVE-2022-36129

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...

AI score 9.5 · EPSS 0.01307
Exploits 0 · References 3
CNNVD
added 2022/07/26 12:0 a.m. · 4 views

HashiCorp Vault Access Control Error Vulnerability

HashiCorp Vault is a private key access management tool from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise versions 1.7.0 through 1.9.7 and 1.10.4 through 1.11.0, which stems from the exposure of an unauthenticated API endpoint that could be...

CVSS 9.1 · AI score 7.5 · EPSS 0.01307
Exploits 0 · References 5
NVD
added 2022/03/30 11:15 p.m. · 16 views

CVE-2021-46006

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...

CVSS 6.5 · EPSS 0.07242
Exploits 1 · References 3