Total
1933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1573 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2026-01-08 | 5.9 Medium |
| Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. * The IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in. | ||||
| CVE-2025-59516 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-01-07 | 7.8 High |
| Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-53774 | 1 Minidvblinux | 1 Minidvblinux | 2026-01-07 | 9.8 Critical |
| MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely. | ||||
| CVE-2025-12969 | 1 Treasuredata | 1 Fluent Bit | 2026-01-07 | 6.5 Medium |
| Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs. | ||||
| CVE-2023-47232 | 2 Mojofywp, Wordpress | 2 Wp Affiliate Disclosure, Wordpress | 2026-01-06 | 4.3 Medium |
| Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6. | ||||
| CVE-2025-66377 | 1 Pexip | 2 Infinity, Pexip Infinity | 2026-01-05 | 7.5 High |
| Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation. | ||||
| CVE-2025-65856 | 1 Xiongmaitech | 2 Xm530v200 X6-weq 8m, Xm530v200 X6-weq 8m Firmware | 2026-01-05 | 9.8 Critical |
| Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access. | ||||
| CVE-2025-3232 | 1 Mitsubishielectric | 1 Smartrtu | 2026-01-05 | 7.5 High |
| A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands. | ||||
| CVE-2020-36904 | 1 Microsoft | 1 Windows | 2026-01-05 | 7.5 High |
| Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands. | ||||
| CVE-2025-59246 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-01-02 | 9.8 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2018-25139 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-12-31 | 7.5 High |
| FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage. | ||||
| CVE-2025-63206 | 2 Dasan, Dasannetworks | 3 Ds2924, Ds2924, Ds2924 Firmware | 2025-12-31 | 9.8 Critical |
| An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser. | ||||
| CVE-2025-65828 | 1 Meatmeet | 3 Meatmeet, Meatmeet Pro Wifi \& Bluetooth Meat Thermometer, Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware | 2025-12-30 | 6.5 Medium |
| An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Clear config would disassociate the current device from its user and would require re-configuration to re-enable the device. As a result, the end user would be unable to receive updates from the Meatmeet base station which communicates with the cloud services until the device had been fixed or turned back on. | ||||
| CVE-2025-63958 | 1 Millensys | 1 Vision Tools Workspace | 2025-12-30 | 9.8 Critical |
| MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function. | ||||
| CVE-2018-25137 | 1 Flir | 1 Brickstream 3d+ | 2025-12-29 | 7.5 High |
| FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation. | ||||
| CVE-2018-25134 | 1 Synaccess | 2 Netbooter Np-02x, Netbooter Np-08x | 2025-12-29 | 9.8 Critical |
| Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management. | ||||
| CVE-2018-25141 | 1 Flir | 1 Thermal Traffic Cameras | 2025-12-29 | 7.5 High |
| FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication. | ||||
| CVE-2018-25140 | 1 Flir | 1 Thermal Traffic Cameras | 2025-12-29 | 7.5 High |
| FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication. | ||||
| CVE-2018-25136 | 1 Flir | 1 Brickstream 3d+ | 2025-12-29 | 7.5 High |
| FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg. | ||||
| CVE-2025-66445 | 1 Hitachi | 2 Infrastructure Analytics Advisor, Ops Center Analyzer | 2025-12-29 | 7.1 High |
| Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. | ||||