Medium
CVE-2023-2187
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability…
Tag: Unauthenticated/Unauthorized Access
All CVEs associated with "Unauthenticated/Unauthorized Access". Page 62/128 • 15330 CVEs.
Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access” · RSS (High+Critical only)
About “Unauthenticated/Unauthorized Access”
A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15330 CVEs for this tag (all time). In the last 365 days, 3834 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-06-07
High
CVE-2023-2186
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway…
Medium
CVE-2023-3126
The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. Th…
Medium
CVE-2022-4948
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for au…
Critical
CVE-2021-4381
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout m…
Medium
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and includin…
Critical
CVE-2021-4370
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This…
Medium
CVE-2021-4366
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1…
Medium
CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and…
Critical
CVE-2021-4362
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_…
High
CVE-2021-4361
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, an…
Critical
CVE-2021-4357
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up…
High
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() f…
Medium
CVE-2021-4352
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This…
Medium
CVE-2021-4345
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.…
Critical
CVE-2021-4341
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data…
High
CVE-2021-4339
The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route i…
Medium
CVE-2021-4338
The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This…
High
CVE-2020-36730
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions…
Medium
CVE-2020-36729
The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX a…
Critical
CVE-2020-36724
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac()…
High
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it poss…
High
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible f…
Critical
CVE-2020-36713
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' rout…
High
CVE-2020-36707
The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or ha…
High
CVE-2020-36700
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index…
Medium
CVE-2020-36699
The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions…
High
CVE-2020-36697
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers…
High
CVE-2020-36696
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and includi…
Medium
CVE-2019-25151
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it…
Medium
CVE-2019-25143
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and…
Critical
CVE-2019-25141
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition…
2023-06-06
Medium
CVE-2023-33684
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to…
High
CVE-2023-0985
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privi…
High
CVE-2023-2546
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_adm…
2023-06-05
Critical
CVE-2023-3065
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
2023-06-03
High
CVE-2023-2781
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random…
2023-06-02
High
CVE-2023-34094
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the priva…
Critical
CVE-2023-34362
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transf…
Critical
CVE-2023-3000
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Byp…
Medium
CVE-2023-2063
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP mod…
Medium
CVE-2023-2062
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know…
Medium
CVE-2023-2061
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allow…
High
CVE-2023-2060
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allow…
2023-06-01
High
CVE-2023-34092
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unau…
Medium
CVE-2023-32717
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoi…
High
CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of servic…
High
CVE-2023-29159
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
2023-05-31
Critical
CVE-2021-45039
Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows…
Low
CVE-2023-2758
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker…
High
CVE-2023-2749
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropri…
High
CVE-2023-25539
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the executi…
Critical
CVE-2023-2987
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and inc…
High
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and…
High
CVE-2023-28353
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety…
2023-05-30
High
CVE-2022-39075
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
Low
CVE-2022-39074
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user per…
High
CVE-2022-39071
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers w…
Medium
CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1
Medium
CVE-2023-2978
A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manip…
2023-05-26
High
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the set…
2023-05-25
Medium
CVE-2023-30615
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-…
High
CVE-2023-33355
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.
Medium
CVE-2023-28370
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user acc…
Critical
CVE-2023-2887
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
High
CVE-2023-2883
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
Critical
CVE-2023-2734
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart…
Critical
CVE-2023-2733
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coup…
Critical
CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add…
2023-05-24
Critical
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticat…
High
CVE-2023-25599
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack…
High
CVE-2023-31459
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticat…
Critical
CVE-2023-31457
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to exec…
Medium
CVE-2023-25598
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cr…
Critical
CVE-2023-33010
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50…
Critical
CVE-2023-33009
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(…
High
CVE-2023-2065
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System…
Critical
CVE-2023-1424
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remo…
2023-05-23
High
CVE-2023-2702
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Managem…
High
CVE-2023-1837
Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)
Medium
CVE-2023-2844
Authorization Bypass Through User-Controlled Key in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.
Critical
CVE-2023-28413
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-se…
Critical
CVE-2023-28409
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.
Critical
CVE-2023-28408
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sens…
Medium
CVE-2023-27922
Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.
Critical
CVE-2023-27388
Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected produ…
High
CVE-2023-27387
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user vie…
High
CVE-2023-25946
Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary ope…
Medium
CVE-2023-23545
Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings withou…
2023-05-22
High
CVE-2023-2504
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
Critical
CVE-2023-2586
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "…
Critical
CVE-2023-33236
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentica…
2023-05-20
Critical
CVE-2023-2713
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. Thi…
Medium
CVE-2023-2716
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and i…
2023-05-19
High
CVE-2023-1618
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication a…
Critical
CVE-2023-2704
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a F…
2023-05-18
Medium
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.
Critical
CVE-2023-2024
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
Medium
CVE-2023-31597
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access…
Medium
CVE-2022-36328
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive…
Medium
CVE-2022-36327
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to…
High
CVE-2023-2757
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This co…
Medium
CVE-2023-20003
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login au…
2023-05-17
High
CVE-2023-2706
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via ph…
2023-05-16
Critical
CVE-2023-2499
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during…
2023-05-15
Medium
CVE-2023-31145
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installati…
High
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrar…
High
CVE-2023-23445
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access…
2023-05-12
Critical
CVE-2023-1096
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
Critical
CVE-2023-27823
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
2023-05-11
Critical
CVE-2023-1834
Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could poten…
Low
CVE-2023-0858
Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the prod…
Medium
CVE-2023-0857
Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may…
2023-05-10
Medium
CVE-2023-31152
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Byp…
Medium
CVE-2023-31151
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker t…
High
CVE-2022-41985
An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass an…
High
CVE-2023-27298
Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via netwo…
Medium
CVE-2022-41646
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
Medium
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system.
Medium
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by…