227 matches found
CVE-2025-57788
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2025-57788 Unauthorized API Access Risk
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2025-54554
tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure...
CVE-2025-54554
tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure...
CVE-2025-54554
CVE-2025-54554 affects Tera Insights tiCrypt (tiaudit component) prior to 2025-07-17. The vulnerability allows unauthenticated REST API requests that disclose sensitive information about underlying SQL queries and database structure. Reported across multiple feeds (Red Hat, PT Security, CVE lists...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that originates from an unauthenticated REST API on the management network and could lead ...
CVE-2023-30131
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls...
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...
CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service device restart via an unauthenticated API request. The attacker must be on the same network as the device...
CVE-2022-45456
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent Windows, macOS, Linux before build 30161...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation...
CVE-2020-14140
When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute...
CVE-2020-15343
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...
CVE-2020-15344
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetuseridandkey API...
CVE-2020-15341
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated updateallrealmlicense API...
CVE-2019-19030
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
Cisco Catalyst Center 访问控制错误漏洞
Cisco Catalyst Center Cisco DNA Center is a network management system from Cisco USA. An access control error vulnerability exists in Cisco Catalyst Center that stems from a lack of authentication of API endpoints, which could lead to agent configuration modification attacks...
Exploit for CVE-2025-50505
CVE-2025-50505 Unauthorized API Leads to Arbitrary Command Ex...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to check the existence of a username in the system via an API...