Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-48776

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Oct, 2024 | 00:00
Updated At-15 Oct, 2024 | 19:13
Rejected At-
Credits

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Oct, 2024 | 00:00
Updated At:15 Oct, 2024 | 19:13
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://shelly.com
N/A
http://comhomeshelly.com
N/A
https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.home.shelly/com.home.shelly.md
N/A
Hyperlink: http://shelly.com
Resource: N/A
Hyperlink: http://comhomeshelly.com
Resource: N/A
Hyperlink: https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.home.shelly/com.home.shelly.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
shelly
Product
home_firmware
CPEs
  • cpe:2.3:o:shelly:home_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0.4
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Oct, 2024 | 20:15
Updated At:15 Oct, 2024 | 20:35

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-306Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-306
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://comhomeshelly.comcve@mitre.org
N/A
http://shelly.comcve@mitre.org
N/A
https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.home.shelly/com.home.shelly.mdcve@mitre.org
N/A
Hyperlink: http://comhomeshelly.com
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://shelly.com
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.home.shelly/com.home.shelly.md
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

179Records found
CVE-2024-5749
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 17:27
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP DesignJet products – Credential reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.

Action-Not Available
Vendor-HP Inc.
Product-Certain HP DesignJet productsdesignjet_t830_firmwaredesignjet_t730_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-23345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.71%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 19:42
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.

Action-Not Available
Vendor-bigantsoftn/a
Product-bigant_servern/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-14927
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.71% / 94.67%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 12:08
Updated-10 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).

Action-Not Available
Vendor-inean/aMitsubishi Electric Corporation
Product-me-rtu_firmwaresmartrtusmartrtu_firmwareme-rtun/a
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27258
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.42%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:16
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26576
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 09:38
Updated-15 Oct, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26570
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 08:38
Updated-15 Oct, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27375
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:18
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26575
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.24%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 09:37
Updated-15 Oct, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.49%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.

Action-Not Available
Vendor-blackvuen/a
Product-dr750-2ch_ltedr750-2ch_ir_ltedr750-2ch_ir_lte_firmwaredr750-2ch_lte_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26574
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 08:51
Updated-15 Oct, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26580
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.73%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 09:49
Updated-11 Sep, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27259
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.42%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:17
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27377
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:20
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2023-27376
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:19
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltdidattend
Product-idwebIDWebidweb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-21837
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-13205
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.38%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:47
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.

Action-Not Available
Vendor-kyoceran/a
Product-ecosys_m5526cdw_firmwareecosys_m5526cdwn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-21979
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.01%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-16 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-13194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.94%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 18:38
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.

Action-Not Available
Vendor-n/aBrother Industries, Ltd.
Product-mfc-j895dwmfc-l6900dwhl-l6450dwhl-l6400dwtads-2800wdcp-1617nwmfc-l2720dn\(jpn\)mfc-j497dwdcp-t710w\(chn\)_firmwaremfc-j1500n\(jpn\)mfc-j5335dwmfc-l2740dwr_firmwaremfc-l2750dw_firmwaremfc-l3770cdw_firmwaredcp-7195dw_firmwaremfc-l2705dwmfc-j893n_firmwaredcp-1623wr_firmwaremfc-l6900dwx_firmwaredcp-l8410cdw_firmwaremfc-9350cdwmfc-j998dn_firmwarehl-l8260cdndcp-l2560dwrdcp-j982n-bmfc-l5702dw_firmwarehl-l2370dnhl-l2350dw_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-l9570cdw_firmwarehl-l3230cdwhl-b2050dnhl-1211w_firmwaredcp-j572dwdcp-j577ndcp-j973n-wmfc-l2720dwr_firmwaredcp-l2531dw_firmwaremfc-j998dwn_firmwaredcp-l2520dw_firmwaremfc-l2707dwmfc-l9570cdwdcp-j978n-b_firmwaredcp-t710w_firmwaredcp-l2540dw\(jpn\)dcp-1610wvbmfc-l5802dwmfc-9350cdw_firmwaremfc-8530dnmfc-l2705dw_firmwaremfc-1910wmfc-1916nwmfc-j1300dwmfc-l2712dn_firmwaremfc-l3730cdn_firmwaremfc-j995dwmfc-9150cdndcp-l3551cdw_firmwarehl-l8360cdwtmfc-1911wdcp-l6600dwdcp-l2541dw_firmwaremfc-j805dw_xl_firmwaremfc-j6535dwmfc-l2701dwdcp-j982n-w_firmwaredcp-b7535dwmfc-j6947dw_firmwaremfc-l5700dw_firmwaredcp-l5500dnhl-1210wvb_firmwarehl-l9310cdwmfc-l2717dw_firmwarehl-l2395dw_firmwaremfc-l8610cdwmfc-j5730dw_firmwaremfc-l8900cdwmfc-l2685dw_firmwarehl-l6200dwt_firmwaredcp-j772dwhl-l2370dn_firmwaremfc-l2712dwdcp-1610wvb_firmwarehl-j6000cdw\(jpn\)_firmwarehl-l8360cdwt_firmwareads-3000nmfc-j5845dw_xl_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j805dw_firmwaredcp-b7530dndcp-l5650dnmfc-t810w\(chn\)dcp-l8410cdwdcp-1616nwmfc-8540dn_firmwaremfc-l2710dw_firmwaremfc-l5802dw_firmwarehl-l2375dw_firmwarehl-1210wvbmfc-l2713dw_firmwaremfc-l5902dwdcp-l5502dnhl-l2366dw_firmwarehl-1210wr_firmwarehl-l3270cdwdcp-l5600dn_firmwareads-2400n_firmwaremfc-l2720dwrhl-l2375dwhl-l5202dw_firmwaredcp-1610we_firmwaremfc-l2700dw\(oce\)_firmwaremfc-j995dw_xlhl-l8360cdwmfc-j491dwhl-l2385dwmfc-1912wrmfc-l2750dw\(jpn\)_firmwarehl-l6200dwtdcp-1610wrdcp-l3510cdwmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j3530dwads-2800w_firmwaremfc-j6930dw_firmwaremfc-l6702dw_firmwaremfc-l2715dw\(twn\)hl-l5100dnthl-1210w_firmwaremfc-j1500n\(jpn\)_firmwarehl-b2050dn_firmwaredcp-l3550cdw_firmwaremfc-t910dw_firmwaredcp-l2532dw_firmwaremfc-l8610cdw\(jpn\)_firmwaredcp-b7530dn_firmwaremfc-l5755dw_firmwaremfc-l2700dwmfc-l6900dw_firmwaremfc-l5900dw_firmwaredcp-l5652dndcp-l2520dwmfc-l2700dw\(oce\)mfc-l2700dw_firmwarehl-1218whl-l3210cwdcp-l2520dwr_firmwaremfc-j6730dw_firmwarefax-l2700dn\(jpn\)mfc-l2717dwdcp-1618w_firmwaredcp-l2550dn_firmwaredcp-l2541dwhl-l2365dwrmfc-j6530dwdcp-1615nwdcp-7180dn_firmwaremfc-l5850dw_firmwaremfc-l6950dw_firmwarehl-b2080dwmfc-l2680whl-l2360dw_firmwareads-3600w_firmwarefax-l2710dn\(jpn\)_firmwaremfc-j5330dwmfc-l5800dw_firmwarehl-l3290cdwmfc-l2750dwxl_firmwaredcp-1615nw_firmwaremfc-j5335dw_firmwaremfc-l6950dwhl-l8260cdn_firmwaremfc-l2730dwhl-l6400dwxhl-l6250dw_firmwaredcp-1617nw_firmwarehl-l2340dwrmfc-7895dw_firmwaremfc-l2740dw\(jpn\)mfc-1911nw_firmwarehl-l6300dw_firmwaredcp-l3550cdwhl-l2305w_firmwaredcp-1612wemfc-l5700dwmfc-j6535dw_firmwaredcp-j774dwhl-l6200dwmfc-j998dwndcp-j572n_firmwaredcp-l2550dwmfc-l6902dwmfc-7880dn_firmwaremfc-j5845dw_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaremfc-j738dwn_firmwarehl-l2380dwmfc-l6750dw_firmwaremfc-l9570cdw\(jpn\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-l2770dw_firmwarehl-l2395dwdcp-l2551dndcp-l2532dwdcp-l3551cdwmfc-l6900dw\(jpn\)mfc-l3730cdnhl-l3210cw_firmwaredcp-j988n\(jpn\)mfc-l2740dw\(jpn\)_firmwaremfc-j903nmfc-l6900dw\(jpn\)_firmwaremfc-l5750dwdcp-l3517cdwmfc-1911w_firmwaremfc-j497dw_firmwarehl-j6000dwhl-j6000dw_firmwaremfc-l6902dw_firmwaremfc-j995dw_firmwaremfc-j6945dwmfc-j5630cdwhl-1212wr_firmwaremfc-l2740dwrmfc-t910dwmfc-j6947dwmfc-l2712dnmfc-j6935dw_firmwaremfc-l2713dwmfc-l6702dwmfc-l3735cdnmfc-l5755dw\(jpn\)_firmwarehl-3190cdw_firmwaremfc-j6530dw_firmwarehl-l2361dnmfc-j5845dwhl-l2366dwdcp-j774dw_firmwaremfc-j6997cdw\(jpn\)_firmwaremfc-j6999cdw\(jpn\)hl-l6202dw_firmwaremfc-8540dnhl-l8260cdw_firmwaremfc-t4500dwmfc-j738dnmfc-l2700dwr_firmwaredcp-b7520dwmfc-j5930dw_firmwarehl-3160cdw_firmwarehl-l6200dw_firmwaremfc-l2720dwdcp-7180dnmfc-j2330dwhl-5590dnmfc-l8610cdw_firmwaremfc-j690dwmfc-l6900dwgmfc-l2716dwhl-l5200dw_firmwaremfc-9150cdn_firmwaremfc-l2710dnmfc-7880dnhl-l6400dwgmfc-l2771dw_firmwarehl-1223wedcp-l5650dn_firmwaremfc-1919nw_firmwareads-3000n_firmwaremfc-l6700dw_firmwaredcp-9030cdn_firmwaredcp-l2520dwrdcp-j972nmfc-j6999cdw\(jpn\)_firmwaredcp-1612we_firmwaredcp-j973n-b_firmwaremfc-j6980cdw\(jpn\)_firmwaremfc-j898nmfc-j6545dw_firmwaremfc-l2750dw\(jpn\)dcp-l2530dw_firmwaremfc-1910wedcp-l5500dn_firmwaremfc-j805dwmfc-j895dw_firmwarehl-1222wemfc-j898n_firmwaredcp-l2540dnr_firmwarehl-l3230cdnhl-1218w_firmwaredcp-7195dwhl-l6250dn_firmwaredcp-l2551dwhl-l2340dwr_firmwaremfc-1911nwads-3600whl-l2360dnrdcp-l2560dw_firmwaremfc-j1300dw_firmwaremfc-l2710dwhl-2560dndcp-j981n_firmwaremfc-b7715dw_firmwaremfc-l3710cw_firmwarehl-l6402dw_firmwaredcp-l2551dw_firmwaremfc-l2712dw_firmwaremfc-j995dw_xl_firmwaredcp-l2537dw_firmwaremfc-l2732dwmfc-l2750dwhl-l2315dwmfc-l2685dwmfc-l5702dwdcp-l2537dwmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-l6800dwdcp-l2535dwdcp-l2550dw_firmwarehl-l2352dw_firmwaredcp-j582n_firmwaredcp-l5602dn_firmwaremfc-t4500dw_firmwarehl-2595dw_firmwaremfc-t810whl-l2340dwmfc-j2330dw_firmwarehl-1222we_firmwaremfc-j6580cdw\(jpn\)dcp-1612wr_firmwarehl-l5100dn_firmwaremfc-j5730dwmfc-l6700dwdcp-t510wmfc-j6983cdwhl-l2365dwdcp-j982n-b_firmwaremfc-l6750dwdcp-j978n-wmfc-j6583cdwdcp-l2550dndcp-l2560dwr_firmwaredcp-j988n\(jpn\)_firmwarehl-l2386dw_firmwaremfc-b7720dnhl-l2372dnmfc-l3735cdn_firmwarehl-3160cdwmfc-l6800dw_firmwarehl-l3230cdn_firmwarehl-l2376dwhl-t4000dw_firmwaremfc-l2701dw_firmwaredcp-b7535dw_firmwaredcp-l6600dw_firmwaremfc-1915w_firmwaremfc-l2680w_firmwaremfc-l2732dw_firmwarehl-1212w_firmwaredcp-l2531dwdcp-t510w\(chn\)dcp-l2530dwmfc-j738dwnmfc-j6545dw_xl_firmwaremfc-l6970dwmfc-j738dn_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaremfc-l5902dw_firmwaremfc-l2716dw_firmwaremfc-l5800dwmfc-j815dw_xlmfc-j5630cdw_firmwaredcp-l3517cdw_firmwaredcp-j973n-bmfc-l3770cdwdcp-l5602dnmfc-l5750dw_firmwarehl-1212wvbmfc-l2730dw_firmwaredcp-j982n-wmfc-j5930dwfax-l2700dn\(jpn\)_firmwarehl-l2361dn_firmwarehl-l6400dwg_firmwaremfc-l9577cdwdcp-1612wrmfc-j805dw_xlmfc-l2720dn\(jpn\)_firmwaremfc-j6995cdw\(jpn\)_firmwaremfc-j6583cdw_firmwaremfc-j1605dn_firmwarehl-l6400dwdcp-l2535dw_firmwarehl-l6300dwdcp-1610wr_firmwaremfc-j491dw_firmwarehl-l5202dwdcp-j1100dwmfc-j6545dwdcp-l5600dndcp-j978n-bdcp-l3510cdw_firmwaremfc-l2703dw_firmwaremfc-l2730dn\(jpn\)hl-l5100dnmfc-j3930dwmfc-j3930dw_firmwaremfc-j6995cdw\(jpn\)mfc-j5830dwdcp-l2552dnmfc-j5945dw_firmwarehl-l2350dwhl-l3230cdw_firmwaredcp-l2540dwdcp-l2551dn_firmwaremfc-l5755dwmfc-j6930dwhl-l2340dw_firmwaredcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaremfc-j998dnhl-l6300dwt_firmwaremfc-l5850dwhl-j6100dwmfc-j6545dw_xldcp-j572nmfc-l3745cdw_firmwarehl-l2376dw_firmwaremfc-j5845dw_xldcp-1616nw_firmwarehl-l2360dnhl-l5200dwtmfc-l8610cdw\(jpn\)hl-l5595dnhl-t4000dwhl-l2371dnhl-l5200dwt_firmwarehl-l6402dwmfc-b7715dwdcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-t710wmfc-j6980cdw\(jpn\)hl-l2315dw_firmwaredcp-l2540dw\(jpn\)_firmwarehl-l5595dn_firmwarehl-l9310cdw_firmwarehl-l5102dwmfc-b7720dn_firmwarehl-l2365dwr_firmwaremfc-l3710cwhl-l6202dwmfc-l5700dnhl-l2370dw_firmwaremfc-l2770dwmfc-j6945dw_firmwarehl-1210wrmfc-l2750dwxlmfc-l5900dwhl-l2370dwdcp-1610whl-l5102dw_firmwaremfc-j2730dw_firmwarehl-1210wehl-l2305wdcp-l2540dn_firmwarehl-2560dn_firmwaredcp-l2550dw\(jpn\)_firmwarehl-j6100dw_firmwaremfc-j3530dw_firmwaremfc-j5830dw_firmwarehl-l2385dw_firmwarehl-l5200dwdcp-b7520dw_firmwaredcp-1612wmfc-j6983cdw_firmwaredcp-j582nhl-1210whl-l2386dwhl-1210we_firmwaremfc-j890dwmfc-j5945dwfax-l2710dn\(jpn\)mfc-1910w_firmwaremfc-j2730dwmfc-1910we_firmwarehl-l2371dn_firmwarehl-l2360dn_firmwaremfc-l2752dw_firmwarehl-l2351dw_firmwarehl-l2370dwxlmfc-l2751dwmfc-j1605dnhl-l6450dw_firmwaredcp-j973n-w_firmwaremfc-j6580cdw\(jpn\)_firmwaremfc-l2710dn_firmwarehl-1212wvb_firmwarehl-l2357dw_firmwaremfc-l6900dwg_firmwaremfc-l2703dwhl-l6400dwx_firmwarehl-l5100dnt_firmwarehl-3190cdwhl-l6400dwt_firmwaremfc-1915wmfc-l8690cdw_firmwaremfc-l3750cdw_firmwaremfc-l2730dn\(jpn\)_firmwaredcp-9030cdnmfc-l9577cdw_firmwarehl-l2390dw_firmwaremfc-l3750cdwhl-1212wdcp-t510w\(chn\)_firmwaremfc-t810w\(chn\)_firmwaremfc-8535dn_firmwaremfc-1919nwmfc-t810w_firmwarehl-l2370dwxl_firmwarehl-l8260cdwhl-j6000cdw\(jpn\)mfc-l2700dndcp-l2552dn_firmwaremfc-l2700dn_firmwaredcp-l5652dn_firmwaremfc-l2771dwdcp-1612w_firmwaremfc-l6970dw_firmwarehl-1211wmfc-l3745cdwmfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaredcp-j1100dw_firmwarehl-l6400dw_firmwaredcp-t710w\(chn\)dcp-j572dw_firmwarehl-2595dwhl-l2360dnr_firmwarehl-l2351dwmfc-l2715dw_firmwaremfc-j6730dwhl-5590dn_firmwaremfc-8535dnmfc-l5700dn_firmwareads-2400ndcp-1622wemfc-l9570cdw\(jpn\)mfc-l2740dwmfc-j815dw_xl_firmwarehl-b2080dw_firmwaremfc-l2700dnrmfc-l2751dw_firmwaremfc-j6997cdw\(jpn\)hl-l2372dn_firmwarehl-1212wemfc-l2700dnr_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-l2550dw\(jpn\)mfc-l2715dwmfc-l2752dwdcp-j981ndcp-1623wemfc-8530dn_firmwarehl-l6250dwmfc-7895dwmfc-j690dw_firmwaredcp-l5502dn_firmwarehl-l6300dwtmfc-l2700dwrdcp-1623we_firmwarehl-l3290cdw_firmwaremfc-l5755dw\(jpn\)hl-l6250dnhl-l2352dwhl-l2360dwhl-l2380dw_firmwaremfc-l2715dw\(twn\)_firmwaremfc-l6900dwxhl-l2390dwhl-l2357dwhl-l3270cdw_firmwarehl-1212wrn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-21839
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-93.02% / 99.77%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-22||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-22047
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-88.38% / 99.47%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 20:18
Updated-13 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprisePeopleSoft Enterprise PT PeopleTools
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-21041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 16:44
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-21842
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-16 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-3402
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.58%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 04:20
Updated-15 Nov, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_customer_voice_portalCisco Unified IP Interactive Voice Response (IVR)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48621
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.75%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:14
Updated-06 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27532
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-74.83% / 98.82%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-09-12||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Action-Not Available
Vendor-n/aVeeam Software Group GmbH
Product-veeam_backup_\&_replicationVeeam Backup & ReplicationBackup & Replication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-47703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.46%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513.

Action-Not Available
Vendor-tianjien/a
Product-cpe906-3cpe906-3_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48299
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48288
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48289
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-46463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-77.57% / 98.95%
||
7 Day CHG-2.10%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-harborn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-38283
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.03%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 07:45
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.

Action-Not Available
Vendor-wipron/a
Product-holmesn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-23815
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.05% / 15.03%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp)

Action-Not Available
Vendor-Siemens AG
Product-Desigo CC
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-45794
Matching Score-4
Assigner-Dragos, Inc.
ShareView Details
Matching Score-4
Assigner-Dragos, Inc.
CVSS Score-8.6||HIGH
EPSS-0.16% / 37.93%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:56
Updated-22 May, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Omron CJ-series and CS-series unauthenticated filesystem access.

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.

Action-Not Available
Vendor-omronOmron
Product-sysmac_cj2h-cpu64-eipsysmac_cj2h-cpu67-eip_firmwaresysmac_cj2h-cpu64-eip_firmwaresysmac_cj2m-cpu12sysmac_cs1d-cpu67psysmac_cs1d-cpu67sa_firmwaresysmac_cs1g-cpu42h_firmwaresysmac_cj2m-cpu32sysmac_cj2h-cpu67-eipsysmac_cs1d-cpu65h_firmwaresysmac_cj2m-cpu11_firmwaresysmac_cj2m-cpu14_firmwaresysmac_cj2h-cpu64_firmwaresysmac_cs1h-cpu66hsysmac_cj2h-cpu67sysmac_cj2m-cpu31sysmac_cs1h-cpu66h_firmwaresysmac_cj2h-cpu65-eip_firmwaresysmac_cs1h-cpu64hsysmac_cj2m-cpu34sysmac_cj2h-cpu65-eipsysmac_cj1g-cpu45p_firmwaresysmac_cs1h-cpu64h_firmwaresysmac_cj2h-cpu65_firmwaresysmac_cs1g-cpu44hsysmac_cj2m-cpu33_firmwaresysmac_cj2h-cpu65sysmac_cs1g-cpu43hsysmac_cs1d-cpu44sa_firmwaresysmac_cs1h-cpu63h_firmwaresysmac_cj1g-cpu44psysmac_cj2m-cpu13sysmac_cs1g-cpu45hsysmac_cj1g-cpu45psysmac_cs1h-cpu63hsysmac_cj2m-cpu15sysmac_cs1g-cpu43h_firmwaresysmac_cj2m-cpu32_firmwaresysmac_cj2m-cpu34_firmwaresysmac_cj2m-cpu31_firmwaresysmac_cj2m-cpu13_firmwaresysmac_cj2m-cpu33sysmac_cj1g-cpu43p_firmwaresysmac_cj2h-cpu66-eip_firmwaresysmac_cs1d-cpu67p_firmwaresysmac_cj2m-cpu35sysmac_cs1d-cpu65p_firmwaresysmac_cj2h-cpu68-eipsysmac_cj2m-cpu12_firmwaresysmac_cs1d-cpu67hsysmac_cj2m-cpu35_firmwaresysmac_cs1h-cpu65h_firmwaresysmac_cj2m-cpu15_firmwaresysmac_cj2h-cpu64sysmac_cs1d-cpu65psysmac_cs1h-cpu67hsysmac_cs1d-cpu68hasysmac_cs1d-cpu67sasysmac_cj2m-cpu11sysmac_cs1h-cpu65hsysmac_cj1g-cpu44p_firmwaresysmac_cs1g-cpu45h_firmwaresysmac_cj2h-cpu68sysmac_cs1d-cpu67h_firmwaresysmac_cj2h-cpu66_firmwaresysmac_cs1d-cpu65hsysmac_cj2m-cpu14sysmac_cs1g-cpu42hsysmac_cj1g-cpu42p_firmwaresysmac_cs1d-cpu68ha_firmwaresysmac_cj2h-cpu68_firmwaresysmac_cj2h-cpu66-eipsysmac_cj2h-cpu66sysmac_cs1d-cpu44sasysmac_cs1h-cpu67h_firmwaresysmac_cj1g-cpu42psysmac_cj2h-cpu67_firmwaresysmac_cs1d-cpu67ha_firmwaresysmac_cj1g-cpu43psysmac_cj2h-cpu68-eip_firmwaresysmac_cs1g-cpu44h_firmwaresysmac_cs1d-cpu67haCJ-series and CS-series CPU modules
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-1501
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.69%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-45423
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.86%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

Action-Not Available
Vendor-n/aDahua Technology Co., Ltd
Product-dhi-dss4004-s2_firmwaredhi-dss7016dr-s2_firmwaredhi-dss4004-s2dhi-dss7016d-s2_firmwaredhi-dss7016d-s2dss_professionaldhi-dss7016dr-s2dss_expressDSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21006
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-83.02% / 99.21%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:25
Updated-18 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21183
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.77%
||
7 Day CHG+0.17%
Published-16 Jul, 2024 | 22:40
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Serverweblogic_server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21619
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.96%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 22:48
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4400ex2200-vcex4300-48tafiex4300-24tex_redundant_power_systemex6200ex4300_multigigabitex3300ex3400ex4100-fex2300-48mpsrx550ex2300mex2200ex6210ex4300-48t-sex4300mjunosex4550-vcex9251ex4550\/vcsrx240mex4300-24t-sex3300-vcex4300-48tex4300-32fex8200-vcex4300-vcsrx380srx4200ex2300-24tex9200ex4300-48mp-sex2300-24mpex4300-24pex4300srx5000ex2200-cex9250ex2300ex_rpsex9253srx1400srx4300ex4600ex4300-48tdc-afiex2300-24pex4300-mpsrx5600ex2300-csrx650ex4500-vcex4300-32f-ssrx345ex4200-vcsrx5800ex4300-48t-dcsrx110srx4000ex2300-48psrx550_hmsrx240h2srx220ex4100_multigigabitex4400-24xex9204srx5400ex4650srx100srx3400srx300srx2300ex8208ex8200srx210ex4500ex4600-vcex3200ex4550srx1500ex8216ex4300-48tdcex4200srx340srx4100ex4300-48t-dc-afisrx3600ex4300-48mpsrx240ex2300-48tex9208ex4300-48pex4300-32f-dcex4300-48t-afiex4400_multigigabitsrx1600ex4100ex9214srx320ex4300-48p-sex2300_multigigabitex4300-24p-ssrx4600srx550msrx4700Junos OS
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-4228
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.57%
||
7 Day CHG+0.02%
Published-30 Nov, 2022 | 00:00
Updated-19 Nov, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Book Store Management System information disclosure

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.

Action-Not Available
Vendor-book_store_management_system_projectSourceCodester
Product-book_store_management_systemBook Store Management System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-21007
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.42%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-21 May, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-4240
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 16:15
Updated-09 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated API allowing an attacker to obtain the information about network resources

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1

Action-Not Available
Vendor-Honeywell International Inc.
Product-onewireless_network_wireless_device_manageronewireless_network_wireless_device_manager_firmwareOneWireless
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-41629
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.16%
||
7 Day CHG+0.02%
Published-31 Oct, 2022 | 19:51
Updated-16 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-infrasuite_device_masterInfraSuite Device Master
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-48814
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.59%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Licensing Service Security Feature Bypass Vulnerability

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2012Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-13173
Matching Score-4
Assigner-Vivo Mobile Communication Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Vivo Mobile Communication Co., Ltd.
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.17%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 07:44
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Health information leakage vulnerability

The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.

Action-Not Available
Vendor-vivo
Product-Health
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-39412
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-3.67% / 87.42%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-23 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-access_managerAccess Manager
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48300
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-38817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-90.66% / 99.60%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 12:32
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-dapr_dashboardn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-13185
Matching Score-4
Assigner-Vivo Mobile Communication Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Vivo Mobile Communication Co., Ltd.
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.17%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 08:08
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MinigameCenter module information leakage vulnerability

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.

Action-Not Available
Vendor-vivo
Product-MinigameCenter
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-37062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.60%
||
7 Day CHG+0.20%
Published-18 Aug, 2022 | 17:05
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.

Action-Not Available
Vendor-flirn/a
Product-flir_ax8_firmwareflir_ax8n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-34908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.10% / 28.58%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.

Action-Not Available
Vendor-aremisn/a
Product-aremis_4_nomadsn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found