Export limit exceeded: 12139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12139 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27891 | 1 Arista | 1 Eos | 2026-06-05 | 5.3 Medium |
| On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied. | ||||
| CVE-2026-1603 | 1 Ivanti | 1 Endpoint Manager | 2026-06-05 | 8.6 High |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | ||||
| CVE-2026-11252 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-05 | 4.3 Medium |
| Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-7016 | 1 Akinsoft | 1 Qr Menu | 2026-06-05 | 8 High |
| Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12. | ||||
| CVE-2025-7630 | 1 Doruk Communication And Automation Industry And Trade Inc. | 1 Wispotter | 2026-06-05 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force. This issue affects Wispotter: from 1.0 before v2025.10.08.1. | ||||
| CVE-2025-8025 | 1 Dinosoft Business Solutions | 1 Dinosoft Erp | 2026-06-05 | 9.8 Critical |
| Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8057 | 1 Patika Global Technologies | 1 Humansuite | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0. | ||||
| CVE-2025-8532 | 1 Bimser | 1 Eba Document And Workflow Management System | 2026-06-05 | 6.4 Medium |
| Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166. | ||||
| CVE-2026-36175 | 1 Gncc | 1 Gp5 | 2026-06-05 | 6.8 Medium |
| An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments. | ||||
| CVE-2026-49186 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. | ||||
| CVE-2026-49191 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. | ||||
| CVE-2026-49194 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.8 High |
| The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. | ||||
| CVE-2026-49203 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.3 High |
| Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. | ||||
| CVE-2026-49202 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.6 High |
| Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. | ||||
| CVE-2025-62338 | 1 Hcltech | 1 Bigfix Cloud Lifecycle Management | 2026-06-05 | 3.3 Low |
| HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. | ||||
| CVE-2026-5228 | 1 Kurt Software Studio | 1 Writeup Mobile App | 2026-06-05 | 8.8 High |
| Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026. | ||||
| CVE-2025-10463 | 1 Birtech Information Technologies Industry And Trade | 1 Senseway | 2026-06-05 | 7.3 High |
| Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. | ||||
| CVE-2026-41308 | 2 Apnotic, Pglombardo | 2 Password Pusher, Password Pusher | 2026-06-05 | 6.5 Medium |
| Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2. | ||||
| CVE-2017-6034 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2026-06-04 | 9.8 Critical |
| An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. | ||||
| CVE-2026-49448 | 1 Goauthentik | 1 Authentik | 2026-06-04 | 9.8 Critical |
| authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1. | ||||