Total
1778 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39601 | 2025-11-03 | 6.5 Medium | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. | ||||
| CVE-2025-32978 | 1 Quest | 1 Kace Systems Management Appliance | 2025-11-03 | 7.5 High |
| Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. | ||||
| CVE-2025-27647 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002. | ||||
| CVE-2025-27642 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008. | ||||
| CVE-2024-45438 | 2025-11-03 | 9.1 Critical | ||
| An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level actions using a crafted GET request. Notably, when a non-existent email address is provided as part of the email parameter, SpamTitan will automatically create a user record and associate quarantine settings with it - all without requiring authentication. | ||||
| CVE-2024-45274 | 3 Helmholz, Mb Connect Line, Mbconnectline | 5 Rex 100, Rex 100 Firmware, Mbnet.mini and 2 more | 2025-11-03 | 9.8 Critical |
| An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | ||||
| CVE-2025-27803 | 2025-11-03 | 6.5 Medium | ||
| The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data. | ||||
| CVE-2025-9994 | 2025-11-03 | 9.8 Critical | ||
| The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access. | ||||
| CVE-2025-41703 | 1 Phoenix Contact | 4 Quint4-ups/24dc/24dc/10/eip, Quint4-ups/24dc/24dc/20/eip, Quint4-ups/24dc/24dc/40/eip and 1 more | 2025-11-03 | 7.5 High |
| An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command. | ||||
| CVE-2023-28461 | 1 Arraynetworks | 14 Ag1000, Ag1000t, Ag1000v5 and 11 more | 2025-11-03 | 9.8 Critical |
| Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." | ||||
| CVE-2023-27532 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 7.5 High |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | ||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 9.8 Critical |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2025-11-03 | 9.8 Critical |
| The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | ||||
| CVE-2020-6207 | 1 Sap | 1 Solution Manager | 2025-10-31 | 9.8 Critical |
| SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. | ||||
| CVE-2020-6287 | 1 Sap | 1 Netweaver Application Server Java | 2025-10-31 | 10.0 Critical |
| SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. | ||||
| CVE-2024-11680 | 1 Projectsend | 1 Projectsend | 2025-10-31 | 9.8 Critical |
| ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | ||||
| CVE-2021-37415 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-10-31 | 9.8 Critical |
| Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | ||||
| CVE-2021-44077 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-10-31 | 9.8 Critical |
| Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. | ||||
| CVE-2020-3952 | 1 Vmware | 1 Vcenter Server | 2025-10-30 | 9.8 Critical |
| Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | ||||
| CVE-2022-26925 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-10-30 | 8.1 High |
| Windows LSA Spoofing Vulnerability | ||||