Total
1420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8286 | 2025-08-15 | N/A | N/A | ||
| The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. | |||||
| CVE-2021-30190 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | |||||
| CVE-2025-43983 | 2025-08-15 | N/A | 9.1 CRITICAL | ||
| KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password), modify critical device settings, and send arbitrary SMS messages. | |||||
| CVE-2025-7774 | 2025-08-15 | N/A | N/A | ||
| A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions. | |||||
| CVE-2024-54176 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-15 | N/A | 4.3 MEDIUM |
| IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | |||||
| CVE-2025-53789 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-08-14 | N/A | 7.8 HIGH |
| Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-8754 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14. | |||||
| CVE-2011-10013 | 2025-08-14 | N/A | N/A | ||
| Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code. | |||||
| CVE-2024-56469 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 6.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | |||||
| CVE-2025-1495 | 1 Ibm | 1 Business Automation Workflow | 2025-08-14 | N/A | 4.3 MEDIUM |
| IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. | |||||
| CVE-2021-34983 | 1 Netgear | 104 D6220, D6220 Firmware, D6400 and 101 more | 2025-08-14 | N/A | 6.5 MEDIUM |
| NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. | |||||
| CVE-2025-20210 | 1 Cisco | 1 Catalyst Center | 2025-08-13 | N/A | 7.3 HIGH |
| A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic. | |||||
| CVE-2025-54864 | 2025-08-13 | N/A | N/A | ||
| Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be very taxing on the infrastructure when large evaluations are done, introducing potential denial of service attacks on the host running the evaluator. This issue has been patched by commit f7bda02. A workaround involves blocking /api/push-github and /api/push-gitea via a reverse proxy. | |||||
| CVE-2025-3319 | 1 Ibm | 1 Spectrum Protect Server | 2025-08-13 | N/A | 8.1 HIGH |
| IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources. | |||||
| CVE-2025-1754 | 1 Gitlab | 1 Gitlab | 2025-08-12 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. | |||||
| CVE-2025-44004 | 2025-08-12 | N/A | 7.2 HIGH | ||
| Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint. | |||||
| CVE-2025-54478 | 2025-08-12 | N/A | 7.2 HIGH | ||
| Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. | |||||
| CVE-2025-41686 | 2025-08-12 | N/A | 7.8 HIGH | ||
| A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. | |||||
| CVE-2025-53191 | 2025-08-12 | N/A | 7.7 HIGH | ||
| Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01. | |||||
| CVE-2025-7677 | 2025-08-12 | N/A | 5.1 MEDIUM | ||
| Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions. | |||||