25 matches found
CVE-2025-55895
TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...
CVE-2025-12108
The CVE-2025-12108 instance affects the Survision LPR Camera system, where authentication is not enforced by default, allowing access to the configuration wizard without login credentials. Affected component: the device’s access/configuration flow (license plate recognition camera system). Impact...
CVE-2025-12136
CVE-2025-12136 affects the WordPress plugin “Real Cookie Banner: GDPR & ePrivacy Cookie Consent”. Wordfence and related sources describe a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 5.2.4, caused by insufficient validation of the user-supplied URL in the ...
PT-2025-43606
Name of the Vulnerable Software and Affected Versions: The Real Cookie Banner versions up to and including 5.2.4 Description: The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is susceptible to Server-Side Request Forgery. This is caused by inadequate validation of the...
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login
WatchTowr finds a serious flaw in Dell UnityVSA CVE-2025-36604 letting attackers run commands without login. Dell issues patch 5.5.1 - update now...
CVE-2021-37270
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority...
CVE-2020-23262
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do...
EC-WEB FS-EZViewer Information Disclosure Vulnerability
EC-WEB FS-EZViewer is an online document viewing application. An information disclosure vulnerability exists in EC-WEB FS-EZViewer version 10.4.0.X and prior versions, which stems from the presence of a sensitive information disclosure vulnerability. An attacker can obtain database configuration...
CVE-2024-26263
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login...
CVE-2022-46025
Totolink N200REV5 V9.3.5u.6255B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page...
PT-2023-15404 · Ormazabal · Ekorccp +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website. This could allow a...
PT-2022-19189 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.10.0 through 5.5.1 Description: The issue is related to improper authentication in the Scheduler component, allowing a remote attacker to access some Facility Information data without logging into the product...
CVE-2021-41566
The TadTools file upload function fails to filter file extensions, so remote attackers can upload any type of file and execute arbitrary code without logging in...
TadTools Access Control Error Vulnerability
Tad TadTools is a module toolkit for Tad individual developers in Taiwan, China. Tad TadTools is vulnerable to authorization issues that could be exploited by remote attackers to delete arbitrary files on the system using certain parameters without logging in...
CVE-2021-37913
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in...
Hgiga Oaklouds Operating System Command Injection Vulnerability
Hgiga Oaklouds is an enterprise collaborative work portal network of China Henderson Technology Hgiga Company. It is used for just-in-time communication and resource reservation. An operating system command injection vulnerability exists in the HGiga OAKlouds mobile portal, which originates from...
Excellent Infotek Corporation (杰印资讯公司) EIC e-document system Authorization Issue Vulnerability
Excellent Infotek Corporation EIC e-document system is an application system of Excellent Infotek Corporation. It provides precise, simple and standardized XML document forms to simplify the process of writing and...
Guangdong Century ICT Network Technology Co., Ltd. supervisory pass-supervision enterprise integrated business management system has an unauthorized access vulnerability
Supervision through - supervision enterprise integrated business management system is a Guangdong Century ICT Network Technology Co., Ltd. system for domestic engineering consulting enterprises' engineering supervision, project management, cost, bidding agency, project construction informatization...
Arbitrary File Read Vulnerability in ZTE ZSRV2 Series Multiservice Routers
ZXR10 ZSR V2 series router is a next-generation intelligent access router product integrating routing, switching, wireless, security, VPN, and AC launched by ZTE. The product adopts the industry-leading hardware platform and software architecture, which provides an intelligent and resilient devic...
CVE-2019-3411
All versions up to BDR218V2.4 of ZTE MF920 product are impacted by an information leak vulnerability. Because some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components...