Total
2195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59780 | 1 General Industrial Controls | 1 Lynx+ Gateway | 2026-04-15 | 7.5 High |
| General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information. | ||||
| CVE-2018-25137 | 1 Flir | 1 Brickstream 3d+ | 2026-04-15 | 7.5 High |
| FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation. | ||||
| CVE-2025-41703 | 1 Phoenix Contact | 4 Quint4-ups/24dc/24dc/10/eip, Quint4-ups/24dc/24dc/20/eip, Quint4-ups/24dc/24dc/40/eip and 1 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command. | ||||
| CVE-2025-10772 | 1 Huggingface | 1 Lerobot | 2026-04-15 | 6.3 Medium |
| A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can only be initiated within the local network. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6215 | 1 Hp | 2 Hp, Sure Start Ifd Protection | 2026-04-15 | N/A |
| A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to mitigate the potential vulnerability. | ||||
| CVE-2025-0355 | 2026-04-15 | 7.5 High | ||
| Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. | ||||
| CVE-2025-3758 | 2026-04-15 | N/A | ||
| WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3759 | 2026-04-15 | N/A | ||
| Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-37146 | 1 Ace Security | 1 Aptina Ar0130 960p 1.3mp Camera | 2026-04-15 | 7.5 High |
| ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings. | ||||
| CVE-2025-64307 | 1 Brightpick Ai | 1 Internal Logic Control | 2026-04-15 | 6.5 Medium |
| The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes. | ||||
| CVE-2025-13607 | 1 D-link | 1 Dcs-f5614-l1 | 2026-04-15 | 9.4 Critical |
| A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL. | ||||
| CVE-2025-59090 | 1 Dormakaba | 1 Kaba Exos 9300 | 2026-04-15 | N/A |
| On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards. | ||||
| CVE-2024-39707 | 2026-04-15 | 5.3 Medium | ||
| Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19. | ||||
| CVE-2024-2104 | 1 Jbl | 2 Live Pro 2 Tws, Tune Flex | 2026-04-15 | 8.8 High |
| Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable. | ||||
| CVE-2024-54983 | 2026-04-15 | 9.8 Critical | ||
| An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. | ||||
| CVE-2025-0456 | 1 Netvision | 1 Airpass | 2026-04-15 | 9.8 Critical |
| The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords. | ||||
| CVE-2024-57725 | 2026-04-15 | 6.5 Medium | ||
| An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint. | ||||
| CVE-2024-31684 | 2026-04-15 | 3.5 Low | ||
| Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated API. | ||||
| CVE-2025-27935 | 1 Pingidentity | 1 Pingfederate | 2026-04-15 | N/A |
| The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication. | ||||
| CVE-2024-36445 | 1 Swissphone | 1 Dical-red 4009 | 2026-04-15 | 9.8 Critical |
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. | ||||