Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/05/26 8:59 p.m.38 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.24 views

Navtor NavBox 安全漏洞

Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...

7.5CVSS5.8AI score0.00505EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/26 10:3 a.m.3 views

CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

9.3CVSS6AI score0.01039EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.7 views

Denver SHO-110 安全漏洞

The Denver SHO-110 is a wireless IP camera from Denver, Denmark. A security vulnerability exists in the Denver SHO-110 that originates from an unauthenticated HTTP service exposing a snapshot endpoint, which could lead to compromised confidentiality of the surveillance environment...

8.7CVSS6.8AI score0.00636EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5727

Malware in sbrugna...

7.5CVSS7.6AI score0.01158EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/15 11:21 a.m.1 views

CVE-2022-2379

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...

7.5CVSS5.9AI score0.02801EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.4 views

Open Automation Software OAS Platform 访问控制错误漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0121 is vulnerable to an access control error that could be exploited by an attacker to make unauthenticated use of the REST API wit...

9.4CVSS5.6AI score0.37606EPSS
Exploits1References4
Prion
Prion
added 2018/10/10 9:29 p.m.19 views

Design/Logic Flaw

An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers...

5CVSS7.6AI score0.01158EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder