Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-0357

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-15 Apr, 2014 | 10:00
Updated At-06 Aug, 2024 | 09:13
Rejected At-
Credits

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:15 Apr, 2014 | 10:00
Updated At:06 Aug, 2024 | 09:13
Rejected At:
▼CVE Numbering Authority (CNA)

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kb.cert.org/vuls/id/251628
third-party-advisory
x_refsource_CERT-VN
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
x_refsource_MISC
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
x_refsource_MISC
Hyperlink: http://www.kb.cert.org/vuls/id/251628
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
Resource:
x_refsource_MISC
Hyperlink: https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kb.cert.org/vuls/id/251628
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
x_refsource_MISC
x_transferred
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
x_refsource_MISC
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/251628
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:15 Apr, 2014 | 10:55
Updated At:06 May, 2026 | 22:30

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

amtelco
amtelco
>>misecuremessages>>-
cpe:2.3:a:amtelco:misecuremessages:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01cret@cert.org
US Government Resource
http://www.kb.cert.org/vuls/id/251628cret@cert.org
US Government Resource
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdfcret@cert.org
N/A
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/251628af854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
Source: cret@cert.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/251628
Source: cret@cert.org
Resource:
US Government Resource
Hyperlink: https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
Source: cret@cert.org
Resource: N/A
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/251628
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

278Records found

CVE-2019-20833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 70.91%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:49
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-10434
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.37%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820sd_820a_firmwaresd_820_firmwaresd_820aSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-287
Improper Authentication
CVE-2016-11057
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.03%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:11
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr618wnr2020_firmwarewnr614wnr614_firmwarewndr3700jwnr2000_firmwarewnr2020r6220_firmwarewndr3700_firmwarewnr1000jwnr2010jwnr2000wnr1000_firmwarer6220jnr1010wnr618_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-11042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.71%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 12:54
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-26975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 56.54%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 11:34
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

Action-Not Available
Vendor-barcon/a
Product-control_room_management_suiten/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 73.91%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 15:32
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.

Action-Not Available
Vendor-sanncen/asannce
Product-smart_hd_wifi_security_camera_ean_2_950004_595317smart_hd_wifi_security_camera_ean_2_950004_595317_firmwaren/asmart_hd_wifi_security_camera_ean_2_950004_595317_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2016-1000214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.08% / 60.95%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ruckus Wireless H500 web management interface authentication bypass

Action-Not Available
Vendor-ruckusn/a
Product-wireless_h500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2026-8737
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 06:45
Updated-18 May, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sanluan PublicCMS Trade Address Query TradeAddressListDirective.java execute missing authentication

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argument userId/id can lead to missing authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Sanluan
Product-PublicCMS
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-0883
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 54.76%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-operations_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-8031
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 31.41%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:00
Updated-07 May, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication

A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 5.7.1 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Action-Not Available
Vendor-PicoTronica
Product-e-Clinic Healthcare System ECHS
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-8214
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 00:15
Updated-11 May, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Industrial Application Software IAS Canias ERP RMI doAction improper authentication

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Industrial Application Software IAS
Product-Canias ERP
CWE ID-CWE-287
Improper Authentication
CVE-2019-20481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.59% / 43.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 14:35
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.

Action-Not Available
Vendor-mielen/a
Product-xgw_3000_zigbee_gatewayxgw_3000_zigbee_gateway_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.46% / 82.44%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 05:03
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.

Action-Not Available
Vendor-n/aGiveWP
Product-givewpn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.29% / 66.69%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 15:06
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-7314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.33% / 87.13%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.

Action-Not Available
Vendor-personifyn/a
Product-personify360_e-businessn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0453
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5||MEDIUM
EPSS-2.35% / 81.60%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port.

Action-Not Available
Vendor-n/aF-Secure Corporation
Product-internet_gatekeepern/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-4015
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.67% / 47.44%
||
7 Day CHG+0.03%
Published-28 Apr, 2025 | 10:00
Updated-17 Oct, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
20120630 Novel-Plus SessionController.java list missing authentication

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-xxyopen20120630
Product-novel-plusNovel-Plus
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-7722
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.45% / 36.19%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 02:15
Updated-04 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PrefectHQ prefect Health Check API health endswith improper authentication

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and may be used. Upgrading to version 3.6.22 will fix this issue. The patch is named e21617125335025b4b27e7d6f0ca028e8e8f3b79. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Action-Not Available
Vendor-PrefectHQ
Product-prefect
CWE ID-CWE-287
Improper Authentication
CVE-2017-6047
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.84% / 76.35%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 19:39
Updated-05 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication.

Action-Not Available
Vendor-3mDetcon
Product-detcon_sitewatch_gatewaySitewatch Gateway
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-255
Not Available
CVE-2002-0563
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-51.13% / 98.80%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_server_web_cacheapplication_serveroracle9in/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-18284
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.03% / 78.65%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.23%
||
7 Day CHG~0.00%
Published-02 Nov, 2019 | 01:17
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.

Action-Not Available
Vendor-fastwebn/a
Product-fastgate_firmwarefastgaten/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-10669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 22:29
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.

Action-Not Available
Vendor-n/aCanon Inc.
Product-oce_colorwave_500oce_colorwave_500_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-18332
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-1.00% / 58.47%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2015-6266
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.59% / 72.68%
||
7 Day CHG~0.00%
Published-28 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-4168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.75% / 88.55%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.

Action-Not Available
Vendor-kryon/a
Product-iodinen/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-18341
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-1.62% / 73.09%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)
CWE ID-CWE-287
Improper Authentication
CVE-2025-3268
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.70% / 48.65%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 21:00
Updated-23 Apr, 2025 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
qinguoyi TinyWebServer http_conn.cpp improper authentication

A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-qinguoyiqinguoyi
Product-tinywebserverTinyWebServer
CWE ID-CWE-287
Improper Authentication
CVE-2019-18337
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 83.07%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-15 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)
CWE ID-CWE-287
Improper Authentication
CVE-2019-18286
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-1.58% / 72.51%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18287
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-1.58% / 72.51%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.87% / 85.11%
||
7 Day CHG~0.00%
Published-05 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

Action-Not Available
Vendor-n/aOpenEMR Foundation, Inc
Product-openemrn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-26101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.42% / 69.55%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 05:43
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-1666
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.21% / 80.40%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 19:00
Updated-19 Nov, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx_data_platformCisco HyperFlex HX-Series
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2019-15987
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.58% / 72.52%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:42
Updated-19 Nov, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_meetings_onlinewebex_meeting_centerwebex_event_centerwebex_support_centerwebex_training_centerwebex_meetings_serverCisco WebEx Event Center
CWE ID-CWE-287
Improper Authentication
CVE-2022-23723
Matching Score-4
Assigner-Ping Identity Corporation
ShareView Details
Matching Score-4
Assigner-Ping Identity Corporation
CVSS Score-7.7||HIGH
EPSS-0.82% / 52.87%
||
7 Day CHG+0.02%
Published-02 May, 2022 | 22:05
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PingFederate PingOneMFA Integration Kit MFA Bypass

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.

Action-Not Available
Vendor-Ping Identity Corp.
Product-pingone_mfa_integration_kitPingFederate PingOne MFA Integration Kit
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2017-15531
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.09%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 20:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

Action-Not Available
Vendor-Symantec Corporation
Product-reporterReporter
CWE ID-CWE-287
Improper Authentication
CVE-2022-23317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.38%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 12:53
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.

Action-Not Available
Vendor-helpsystemsn/a
Product-cobalt_striken/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-20733
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.04% / 59.96%
||
7 Day CHG+0.01%
Published-15 Jun, 2022 | 17:55
Updated-06 Nov, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-287
Improper Authentication
CVE-2025-2339
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.84% / 53.33%
||
7 Day CHG~0.00%
Published-16 Mar, 2025 | 13:00
Updated-26 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
otale Tale Blog logs improper authentication

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-otaleotale
Product-tale_blogTale Blog
CWE ID-CWE-287
Improper Authentication
CVE-2017-1000030
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 74.40%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

Action-Not Available
Vendor-n/aOracle Corporation
Product-glassfish_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-7860
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-9.58% / 94.88%
||
7 Day CHG~0.00%
Published-25 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dns-327l_firmwaredns-320l_firmwaredns-327ldns-320ln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2021-46740
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.55%
||
7 Day CHG+0.02%
Published-11 Apr, 2022 | 19:38
Updated-04 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2016-8937
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.90% / 77.13%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_storage_managerSpectrum Protect
CWE ID-CWE-287
Improper Authentication
CVE-2026-8244
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 09:15
Updated-18 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Industrial Application Software IAS Canias ERP Login RMI improper authentication

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Industrial Application Software IAS
Product-Canias ERP
CWE ID-CWE-287
Improper Authentication
CVE-2025-2344
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.47% / 37.32%
||
7 Day CHG~0.00%
Published-16 Mar, 2025 | 18:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication

A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-IROAD
Product-Dash Cam X5Dash Cam X6
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-8347
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.27% / 80.95%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.

Action-Not Available
Vendor-kabona_abn/a
Product-webdatorcentralKabona AB WDC prior to Version 3.4.0
CWE ID-CWE-287
Improper Authentication
CVE-2026-4187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.51% / 39.98%
||
7 Day CHG~0.00%
Published-15 Mar, 2026 | 19:02
Updated-22 Apr, 2026 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tiandy
Product-Easy7 Integrated Management Platform
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-16649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.92% / 55.88%
||
7 Day CHG~0.00%
Published-21 Sep, 2019 | 01:54
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Action-Not Available
Vendor-supermicron/a
Product-x10sra-fx10qrh\+x9drw-c\(t\)f31_firmwarex9srh-7\(t\)f_firmwareb10drt-ibf_firmwarex11sdd-18c-fa1sai-2550fx9drff-7\/i\(t\)g\+_firmwarex10drt-p_firmwarex10qblx11spw-ctfx10drt-hibfb2ss1-mtfx9srw-f_firmwarex10drh-i_firmwarex9da7\/e_firmwarex10sll\+-fx10dri-t_firmwarex10drt-pibq_firmwareb9drpx9drd-it\+_firmwareb2ss1-cf_firmwarem11sdv-8c-ln4f_firmwarex10sdv-4c\+-tln4f_firmwareb9drix11dpi-n_firmwarex10drt-px10drd-intp_firmwarex11opi-cpux9sci-ln4\(f\)_firmwarex11dpu-x_firmwarex11sca-wx10drsx10drg-ht_firmwarex10srg-fx10drg-h_firmwarex10drd-intx11qph\+_firmwareb10dri-nx10srh-cf_firmwarex10drw-i_firmwarex10srax10drt-pibf_firmwarex9drw-3ln4f\+\/3tf\+_firmwarex10drt-b\+_firmwarex10sra_firmwarex11sds-12cx10sae_firmwarex10qbl-ctx10qbl-4ct_firmwareb10drc_firmwarex11sse-fx11spm-fx10drh-it_firmwarex9drh-7\/i\(t\)f_firmwarex10qbl-ct_firmwarex10dsc\+x9dbl-3\/i\(f\)x11sph-nctfx9dr7\/e-ln4fx10sdv-7tp8fx9drff-7\/i\(t\)\+x9drl-3\/if_firmwarex9dr7\/e-tf\+b2ss2-mtfx11scm-ln8f_firmwarex11sse-f_firmwareb11dpe_firmwarex10drd-lx10sdv-f_firmwareb2ss2-h-mtfb11qpix10drff-ctgb10drg-ibf2_firmwarex10drd-l_firmwarex11ddw-nt_firmwarex11dpt-bhx10sdv-8c\+-ln2f_firmwarex11dsn-ts_firmwarem11sdv-8c\+-ln4fx11dpi-ntx11dpub1sd2-tf_firmwarex10drg-ot\+-cpu_firmwareb10drt-tp_firmwarex9drd-c\(n\)t\+_firmwareb9drtx10drt-pibqb9drg-ex10drc-t4\+_firmwarex11dpi-nt_firmwarex11ssw-4tf_firmwarex9drw-3\/ifx11sds-16c_firmwarex10drff-igx9scd_seriesx10sdv-tln4f_firmwarex9qr7-tf\+x11dpfr-sx9scl\+-fx10dri-t4\+_firmwarea1srm-2758f_firmwarex9drt-h_series_firmwarex10dru-xllx10srm-tfx10sle-dfb11spe-cpu-tf_firmwarex11ssl-nfa1srm-ln7f-2358x10drh-c_firmwarex11sph-nctf_firmwarex10drd-itx10sdv-fa1sai-2750f_firmwarex9scm\(-f\)_firmwarex10dru-xll_firmwarex11spi-tf_firmwarex9drt-hf\+x10drt-b\+x11dsn-tsqx10drw-ntx10sdv-8c-tln4f_firmwarex11dpt-psx11dpu-xll_firmwareb9drg-e_firmwarex11sch-ln4f_firmwarex9scl\(-f\)x11dph-i_firmwarex10srd-fa1srm-ln7f-2758b11spe-cpu-25g_firmwarex11ssmx11dgo-t_firmwarex11dpu-xa1srm-2758fx10drfr-ta1sri-2358f_firmwarex10drt-h_firmwarex10drc-ln4\+x9drg-qfx10slh-f_firmwarex10dsc\+_firmwarea1srm-ln7f-2358_firmwarex9sca\(-f\)x11sds-8c_firmwarex11dai-na1sai-2550f_firmwareb1sd2-16c-tfx11sri-if_firmwarex11scl-ifx10sll-sf_firmwarex11sdd-8c-fb2ss1-cpux11srm-vf_firmwarex10drt-hibf_firmwarex10drl-ct_firmwarem11sdv-4ct-ln4fx9drt-p_series_firmwarea1sa2-2750f_firmwarex9dr3\/i-ln4f\+_firmwarex9drd-7ln4f_series_firmwarex10drd-ltp_firmwarex9drw-7\/itpf\+x11spg-tf_firmwarex11ssh-ln4f_firmwarex11dpu-xllx10drff-cx9drh-if-nvx10dru-i\+x10drx_firmwarex10qbl-4x11ssw-tfx11dpff-sn_firmwarex9dr3\/i-fx10drh-cln4x9drt-p_seriesx11sdd-18c-f_firmwarex10srw-fx10drh-ctx9sae\(-v\)_firmwarex11dpl-i_firmwarex11opi-cpu_firmwarex10drh-itx10drfr_firmwareb11spe-cpu-tfx10sld-f_firmwarea1sri-2758f_firmwarex10drc-t4\+x10sde-dfx9srd-fx10drl-cx9drfrx11ssw-4tfx9drd-efx11sch-f_firmwarex9drl-7\/ef_firmwarex9daix9drw-7\/itpfm11sdv-8ct-ln4fx10sle-f_firmwarex10drff-cgx11srm-fb11dpex10srg-f_firmwarex10dri_firmwarex9sae\(-v\)x10srh-cfx11spm-tpfx10slm\+-ln4f_firmwarex9da7\/ex10drl-ln4_firmwarex10drw-nx11dsf-e_firmwarex11ssw-fm11sdv-8c-ln4fx11sca-f_firmwarex10sdd-f_firmwarex11scw-f_firmwareb10drg-ibf2x10sdv-8c\+-ln2fx10sdv-6c\+-tln4fx9srl\(-f\)_firmwarex9drt-hf\+_firmwarex11sch-ln4fx9drh-if-nv_firmwarex11ssh-ctfx10sdv-16c-tln4f\+x9dr7-jln4fx10drw-etx11dac_firmwarex9drg-h\(t\)f\+ii_firmwarex11ssh-gf-1585lb2ss1-mtf_firmwarex11scl-ln4fx11dpt-lx11dpff-snx10sdv-6c-tln4fx11ssl-cf_firmwarex10drt-libfx11spa-tf_firmwarex11ssl-cfx10drl-i_firmwarex10drt-psx11dgq_firmwarex11spw-ctf_firmwarex9drff-7\/i\(t\)\+_firmwarex9scl\+-f_firmwareb9drg_firmwareb10drt_firmwarex9drg-h\(t\)f_firmwarex11dsf-ex11scl-f_firmwarea1sam-2550fx9drfr_firmwarex9qri-fx10drg-ot\+-cpux9sre\/i_seriesx11dph-tqx10slm\+-ln4fx10drd-it_firmwarex10drg-q_firmwarem11sdv-4c-ln4f_firmwarea1sri-2558fx10srd-f_firmwarex10sll-sx10sdv-4c\+-tp4fx10sle-hfx10drg-o\+-cpua1sam-2750f_firmwarex10sl7-f_firmwarex11ssd-fx10drfr-ntx11spw-tf_firmwarex11dsc\+a1sa2-2750fb10drg-tpx9qri-f\+x10dgq_firmwarex9qr7-tfx9dax-7\/i\(t\)f_firmwarex10dgo-tx11dpu-vx10drh-cln4_firmwarex11dpi-nx10sdv-2c-7tp4fx10sdv-8c-tln4fb9drt_firmwarex10dri-ln4\+x10dri-tb10drix9drt_series_firmwarex11ssl-fx11dpfr-s_firmwarex10qbl-4_firmwarex10sdv-2c-tp8f_firmwarex10drd-itp_firmwarex10drl-ix10qbi_firmwarex10sle-hf_firmwarex11ssm_firmwareb11qpi_firmwarex11spa-tfx9db3\/i-\(tp\)fx9dax-7\/if-hft_firmwareb2ss1-f_firmwarex10sdv-4c-7tp4fx10sdv-16c-tln4f_firmwarex9dai_firmwarex9drff\(-7\)x11scm-ln8fx10slx-fx10drh-ct_firmwarex10drt-pibfx10slm-f_firmwarex9srh-7\(t\)fx11spw-tfx11ssw-tf_firmwarex10drg-hx9drff\(-7\)_firmwarex10drd-intpx11sri-ifx11srm-f_firmwarex9sre\/i_series_firmwarex11ddw-ntb2ss2-fx11ssh-gf-1585_firmwareb9dr7x11dpt-bh_firmwarex11dpx-tx11dpl-ix11dpt-l_firmwarex10sdv-tp8f_firmwarex11ssh-gtf-1585_firmwareb2ss1-fb9dri_firmwareb9drp_firmwarex10drd-int_firmwarex10sdv-8c-tln4f\+_firmwarea1sri-2558f_firmwarex9dax-7\/i\(t\)fx11scl-if_firmwarex10drg-o\+-cpu_firmwarex9drd-l\/if_firmwarex11dph-t_firmwarex11scm-fx9drg-h\(t\)f\+_firmwareb11spe-cpu-25gx10sdv-4c\+-tln4fx11dpg-ot-cpu_firmwarex10sdv-16c\+-tln4f_firmwarex10sdv-4c-tln2fx11ssh-gtf-1585l_firmwarex11scd-fx11ssl-nf_firmwarex10drw-n_firmwarex11scax11scd-f_firmwarex10saex10drw-et_firmwarex11sds-12c_firmwarex11srl-fx10drt-ptx11scl-ln4f_firmwarex10sri-f_firmwarex11dph-tx10drt-pt_firmwarex11dpu-ze\+_firmwarex10sle-fx10drfr-nt_firmwarex9srg-f_firmwarex10sll-fb1sd1-tf_firmwarex9sra_firmwarex10srh-cln4f_firmwarex10drw-ex10sld-hf_firmwarex10qbix10srw-f_firmwarex10drix10sdv-2c-tp4fx10sdv-12c-tln4f\+_firmwarex11ssh-gtf-1585x10srh-cln4fx11dacb2ss1-cpu_firmwareb1sd1-16c-tf_firmwarea1srm-2558f_firmwareb10drt-ibf2_firmwareb10drg-ibfx9drx\+-f_firmwarex11dpu-z\+x10srl-fx10dri-t4\+x10sdd-16c-fx10drff-itg_firmwarex10drw-nt_firmwarex10sdv-4c-tln4fx9qri-f\+_firmwarex9drh-7\/i\(t\)fx11ssh-tf_firmwarex9drw-3ln4f\+\/3tf\+x9dr3\/i-ln4f\+x10dru-i\+_firmwareb10drcx11sds-16ca1sam-2550f_firmwarex11dpt-ps_firmwarex10sle-df_firmwarex10drt-hx11dai-n_firmwareb10dri_firmwarex9drw-7\/itpf_firmwarex11ddw-lx10obi-cpu_firmwareb2ss1-cfx11dgqx11ssi-ln4f_firmwarex10sdv-7tp4f_firmwarex10drff-itgx10drw-e_firmwarex11dps-re_firmwarex10drff_firmwarex9scd_series_firmwarex10dsn-ts_firmwareb2ss1-h-mtf_firmwarex10drl-ln4x11dsn-tsq_firmwarex10drd-ix9dbu-3\/ifx11dph-ix10sll-s_firmwarex10srm-tf_firmwarex11dpt-bx9scm\(-f\)x11dpu_firmwarex11spg-tfx10slx-f_firmwarex11spm-tfx10slm\+-f_firmwarex9srg-fx10drxx10drw-ix9dbl-3\/i\(f\)_firmwarex10sat_firmwarex10drt-lx10sdv-8c-tln4f\+x10drh-ix11sch-fx10sla-fx10drffx10sri-fx10ddw-i_firmwarex11ssh-f_firmwarex10sla-f_firmwarex9drd-7ln4f_seriesx10sdv-7tp8f_firmwarex11srm-vfx10drd-ltx10dgo-t_firmwarex9drff-7\/i\(t\)g\+x10sdv-12c-tln4f_firmwareb10drt-ibf2x10drfr-n_firmwareb10drt-tpx10sdv-6c\+-tln4f_firmwarex10sdv-2c-7tp4f_firmwarex10drff-ig_firmwarex9scl\(-f\)_firmwareb10drc-n_firmwarex9drw-c\(t\)f31x11ssl_firmwarex11dpg-ot-cpux10drfr-nx10sdv-2c-tp4f_firmwarex10drg-qx10sdv-12c\+-tln4f_firmwareb10dri-n_firmwarex11srl-f_firmwarex9drt_seriesx10drfr-t_firmwarex10sdv-2c-tln2f_firmwarem11sdv-8c\+-ln4f_firmwarex10sra-f_firmwarex11scm-f_firmwarex10sdv-12c-tln4f\+x10slm\+-fx11spa-t_firmwarex11ssm-f_firmwarex10drl-c_firmwarex10dru-x_firmwareb10drg-tp_firmwarea1sam-2750fx11dpfr-snx10sll\+-f_firmwarex11ssh-fx10sdv-16c-tln4fx10drw-itx9dr3\/i-f_firmwarex10drc-ln4\+_firmwarex11sds-8cx10dri-ln4\+_firmwarex11sslx10sll-f_firmwarex9srax10drs_firmwarex11ssh-tfx9drd-it\+x9srd-f_firmwarex11dpu-z\+_firmwareb1sd2-16c-tf_firmwarex10sdv-12c-tln4fb9drgx10dru-xx10srm-f_firmwarex11dpg-qtx10sdv-2c-tln2fx10sdv-4c-tln4f_firmwarex10slh-fx10drh-iln4x11sca_firmwareb9qr7\(-tp\)x10obi-cpux10drw-it_firmwarex11spm-f_firmwarex10drh-ca1sri-2358fx10sdv-16c\+-tln4fm11sdv-4ct-ln4f_firmwarex9drg-qf_firmwarex11scw-fb10drg-ibf_firmwareb2ss2-mtf_firmwareb9drg-3mx10drl-itx10drd-lt_firmwarex11dpu-ze\+x11dph-tq_firmwarex10drff-cg_firmwarex10ddw-ix9srw-fx9sca\(-f\)_firmwarex11qph\+x9drw-7\/itpf\+_firmwareb9qr7\(-tp\)_firmwarex11spa-tx11dgo-tx11dpx-t_firmwarex9drw-3\/if_firmwarex10drd-i_firmwarex9dal-3\/ix9dbs-f\(-2u\)_firmwarex10sdv-4c-tln2f_firmwarex11dsc\+_firmwarex10drd-ltpx9drg-h\(t\)fx9drl-3\/ifx9drg-o\(t\)f-cpux11spm-tpf_firmwarex10drff-ctg_firmwarex10dgqx10sdd-fx11sca-w_firmwarex11spl-fx10ddw-inx11spm-tf_firmwarex11dpg-qt_firmwarem11sdv-4c-ln4fx11ddw-l_firmwarex11dpfr-sn_firmwarex9dr7\/e-ln4f_firmwarex11sdd-8c-f_firmwarex10qrh\+_firmwarex9qr7-tf\+_firmwarex10sld-hfb2ss2-f_firmwareb10drtx10drt-libf_firmwarex10sdv-7tp4fx10drt-ps_firmwarex10sl7-fb2ss1-h-mtfb11dpt_firmwarex10srl-f_firmwarex11ssm-fx9drd-c\(n\)t\+x10sdv-tln4fx10drl-it_firmwarex11spl-f_firmwarex9drl-7\/efx9dr7\/e-tf\+_firmwarex11dps-rea1srm-2558fx11scl-fx10drd-itpx10sdv-4c\+-tp4f_firmwarex11ssh-ctf_firmwarex10drt-libqx9drg-h\(t\)f\+iix10ddw-in_firmwarex11ssi-ln4fx10srm-fx11dsn-tsa1srm-ln7f-2758_firmwarex10drg-htx9db3\/i-\(tp\)f_firmwarex9dr7-jln4f_firmwarex10drt-libq_firmwarex10sdv-tp8fx9qr7-tf_firmwarex11ssd-f_firmwareb10drt-ibfx11ssl-f_firmwarex9drg-o\(t\)f-cpu_firmwareb1sd1-tfx9dbs-f\(-2u\)x10sdv-16c-tln4f\+_firmwarex9dax-7\/if-hftx10sdv-6c-tln4f_firmwarex9drg-h\(t\)f\+x9drx\+-fx10drt-l_firmwarex9dal-3\/i_firmwarex11dpg-snx11ssh-gf-1585x10drh-iln4_firmwareb1sd2-tfx9dbu-3\/if_firmwarea1srm-ln5f-2358_firmwareb10drc-nx11ssw-f_firmwarex9srl\(-f\)x11sph-nctpf_firmwarex10drff-c_firmwarex10sdv-12c\+-tln4fb2ss2-h-mtf_firmwarex10drfrx9qri-f_firmwarex10dbt-t_firmwarex10dbt-tx11dpt-b_firmwarem11sdv-8ct-ln4f_firmwarex11ssh-ln4fb11dptx10dsn-tsx11sca-fx11spi-tfx10sde-df_firmwarex10satx11dpg-sn_firmwarex10sll-sfa1srm-ln5f-2358x9drt-h_seriesb9dr7_firmwarex10sdv-2c-tp8fb1sd1-16c-tfx10slm-fx10sld-fx11sph-nctpfx11ssh-gtf-1585lx10sdd-16c-f_firmwarex9drd-l\/ifx9sci-ln4\(f\)x9drd-ef_firmwarex10sdv-4c-7tp4f_firmwareb9drg-3m_firmwarex10drl-ctx11ssh-gf-1585l_firmwarex11dpu-v_firmwarex10qbl_firmwarea1sai-2750fa1sri-2758fx10qbl-4ctn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2016-2102
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.01% / 78.45%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.

Action-Not Available
Vendor-haproxyn/a
Product-haproxyn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found