Total: 1632 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41967 | 1 Wago | 5 Cc100, Edge Controller, Pfc100 and 2 more | 2025-07-13 | 8.1 High |
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. | ||||
CVE-2024-55538 | 1 Acronis | 1 True Image | 2025-07-13 | N/A |
Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736. | ||||
CVE-2024-36457 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | ||||
CVE-2025-25224 | 1 Luxsoft | 1 Luxcal Web Calendar | 2025-07-13 | N/A |
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained. | ||||
CVE-2025-26344 | 1 Q-free | 1 Maxtime | 2025-07-13 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests. | ||||
CVE-2025-26359 | 1 Q-free | 1 Maxtime | 2025-07-13 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests. | ||||
CVE-2025-26362 | 1 Q-free | 1 Maxtime | 2025-07-13 | 7.5 High |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests. | ||||
CVE-2025-26363 | 1 Q-free | 1 Maxtime | 2025-07-13 | 7.5 High |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests. | ||||
CVE-2025-26365 | 1 Q-free | 1 Maxtime | 2025-07-13 | 7.5 High |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests. | ||||
CVE-2024-12957 | 1 Asus | 1 Armoury Crate | 2025-07-12 | N/A |
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | ||||
CVE-2024-39364 | 1 Advantech | 1 Adam-5630 | 2025-07-12 | 6.3 Medium |
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands. | ||||
CVE-2024-52285 | 1 Siemens | 2 Sipass Integrated Ac5102 (acc-g2), Sipass Integrated Acc-ap | 2025-07-12 | 5.3 Medium |
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data. | ||||
CVE-2024-32735 | 1 Cyberpower | 1 Powerpanel Enterprise | 2025-07-12 | 9.8 Critical |
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application. | ||||
CVE-2025-26339 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests. | ||||
CVE-2025-26341 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. | ||||
CVE-2025-26342 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests. | ||||
CVE-2025-26345 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests. | ||||
CVE-2025-26347 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.8 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests. | ||||
CVE-2025-26360 | 1 Q-free | 1 Maxtime | 2025-07-12 | 5.3 Medium |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests. | ||||
CVE-2025-26361 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.1 Critical |
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests. |