8 matches found
CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...
Navtor NavBox 安全漏洞
Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...
CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
Denver SHO-110 安全漏洞
The Denver SHO-110 is a wireless IP camera from Denver, Denmark. A security vulnerability exists in the Denver SHO-110 that originates from an unauthenticated HTTP service exposing a snapshot endpoint, which could lead to compromised confidentiality of the surveillance environment...
EUVD-2018-5727
Malware in sbrugna...
CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
Open Automation Software OAS Platform 访问控制错误漏洞
Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0121 is vulnerable to an access control error that could be exploited by an attacker to make unauthenticated use of the REST API wit...
Design/Logic Flaw
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers...