Authentication Bypass

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CWE-284: Improper Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CWE-639 Authorization Bypass Through User-Controlled Key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CWE-639 Authorization Bypass Through User-Controlled Key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory corruption while handling client exceptions, allowing unauthorized channel access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Binding authentication bypass vulnerability in the devicemanager module. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

onion-site-template is a complete, scalable tor hidden service self-hosting sample. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RatPanel is a server operation and maintenance management panel. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

An issue was discovered in CPUID cpuz.sys 1.0.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0).

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Electron Capture facilitates video playback for screen-sharing and capture. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

DELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufacturing execution system application.

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

The WP CTA - Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A vulnerability was found in code-projects Online Movie Streaming 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

A vulnerability was found in code-projects Online Movie Streaming 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Missing authorization in Droip plugin for WordPress (all versions ≤2.2.6) allows authenticated attackers with Subscriber-level privileges to manipulate content and settings via droip_post_apis() AJAX handler. Exploitable actions include arbitrary post deletion/creation, post duplication, settings modification, and user account manipulation. Requires only low-privilege authenticated access (PR:L) for high-impact compromise of confidentiality, integrity, and availability (CVSS 8.8). No public exploit identified at time of analysis.

Unauthenticated login token generation in WebinarIgnition plugin for WordPress (versions ≤4.03.32) allows remote attackers to bypass authentication and impersonate arbitrary users. The vulnerability stems from missing capability checks on support staff authentication functions, enabling attackers to generate valid login tokens and authorization cookies without credentials (CVSS:3.1 AV:N/AC:L/PR:N). EPSS data not provided; no confirmation of active exploitation (CISA KEV) at time of analysis. Public exploit code existence not confirmed, though technical details are available via WordPress plugin repository references.

Content Security Policy bypass in Mozilla Firefox and Thunderbird allows remote attackers to circumvent CSP protections via maliciously crafted XSLT documents. The flaw affects Firefox versions prior to 141 and Firefox ESR prior to 128.13/140.1, as well as Thunderbird versions prior to 141 and Thunderbird ESR prior to 128.13/140.1. Attack requires user interaction (visiting a malicious site or opening a malicious email) but no authentication. With CVSS 8.1 (High severity) and documented in six separate Mozilla security advisories, this CSP bypass enables high-impact confidentiality and integrity violations, though no public exploit or active exploitation has been identified at time of analysis.

Block Editor Gallery Slider plugin for WordPress up to version 1.1.1 allows authenticated Subscriber-level attackers to modify post metadata for arbitrary posts due to a missing capability check in the classic_gallery_slider_options() function. The vulnerability has a CVSS score of 4.3 and requires only low-privileged authenticated access with no user interaction, but carries limited impact (data integrity only, no confidentiality or availability breach). No public exploit code or active exploitation has been identified at time of analysis.

SQL injection in the B1.lt WordPress plugin (versions ≤2.2.57) allows authenticated users with Subscriber-level privileges to execute arbitrary database commands via the b1_run_query AJAX action. The vulnerability stems from a missing capability check (CWE-862), enabling low-privileged authenticated attackers to access database functionality normally restricted to administrators. With CVSS 8.8 (network-accessible, low complexity, high impact on confidentiality/integrity/availability) and successful exploitation requiring only subscriber credentials, this represents a critical privilege escalation vector. No public exploit identified at time of analysis, though the technical details disclosed increase weaponization risk.

JSON Web Token exposure in Brocade Active Support Connectivity Gateway (ASCG) prior to version 3.3.0 enables high-privileged local attackers to extract unencrypted authentication tokens from log files, leading to unauthorized access and session hijacking. This CWE-532 (insertion of sensitive information into log file) vulnerability requires local access with high privileges but presents low attack complexity. EPSS data not provided; no confirmed active exploitation (not present in CISA KEV); no public exploit code identified at time of analysis. The CVSS 4.0 score of 7.1 reflects significant confidentiality and integrity impact within the vulnerable component scope.

CodeSolz Ultimate Push Notifications WordPress plugin through version 1.2.0 contains a missing authorization vulnerability allowing unauthenticated attackers to exploit incorrectly configured access control to bypass security levels and gain unauthorized access to sensitive functionality. The vulnerability is classified as CWE-862 (Missing Authorization) with low exploitation probability (EPSS 0.07%, 22nd percentile), indicating real-world exploitation risk is minimal despite the access control deficiency.

Missing authorization in PW WooCommerce On Sale plugin up to version 1.39 allows attackers to exploit incorrectly configured access controls, potentially accessing restricted functionality without proper permission verification. This WordPress plugin vulnerability affects all versions through 1.39 and has low exploitation probability (EPSS 0.07%, percentile 22%), with no confirmed active exploitation or public exploit code identified at time of analysis.

Missing authorization controls in the Internal Linking of Related Contents WordPress plugin (versions up to 1.1.8) allow attackers to exploit incorrectly configured access control security levels, potentially enabling unauthorized access to plugin functionality. The vulnerability stems from improper implementation of access controls (CWE-862) and carries a low EPSS score of 0.07% despite the authorization flaw, suggesting limited real-world exploitation probability at time of analysis.

Missing authorization in WPFactory Wishlist for WooCommerce through version 3.2.3 allows unauthenticated attackers to exploit incorrectly configured access controls to perform unauthorized actions on wishlists. The vulnerability stems from broken access control mechanisms (CWE-862) that fail to properly validate user permissions before granting access to sensitive wish-list functionality. With an EPSS score of 0.07% (22nd percentile), real-world exploitation likelihood is currently low, but the issue affects a popular WooCommerce plugin used across numerous e-commerce sites.

Missing authorization controls in WPFactory's Product XML Feed Manager for WooCommerce through version 2.9.2 allow attackers to exploit incorrectly configured access control security levels, potentially exposing sensitive product feed data or enabling unauthorized administrative actions. The vulnerability affects all versions up to and including 2.9.2, with no publicly available exploit code identified at time of analysis, and an EPSS score of 0.07% indicating very low real-world exploitation probability despite the authorization defect.

August Infotech's Multi-language Responsive Contact Form WordPress plugin up to version 2.8 fails to properly enforce access controls, allowing unauthenticated attackers to access administrative functionality that should be restricted by role-based access control lists. The missing authorization checks enable unauthorized users to perform actions intended only for administrators, as evidenced by the CWE-862 classification and authentication bypass tag. EPSS scoring (0.07%) indicates low exploitation probability in the wild, but the vulnerability represents a direct authorization failure affecting a widely-distributed WordPress plugin.

Missing authorization controls in the exact-links WordPress URL Shortener plugin (versions up to 3.0.7) allow unauthenticated or low-privileged attackers to access functionality that should be restricted by access control lists. The vulnerability stems from improper ACL enforcement, enabling unauthorized users to perform actions beyond their intended permissions without authentication requirements.

Missing authorization controls in QuanticaLabs Cost Calculator WordPress plugin version 7.4 and earlier allow unauthenticated or low-privileged attackers to bypass access control restrictions and exploit incorrectly configured security levels. The vulnerability enables attackers to access or modify calculator functionality that should be restricted, with an extremely low exploitation probability (EPSS 0.05%) suggesting minimal real-world attack activity despite the access control weakness.

News Kit Elementor Addons WordPress plugin version 1.3.4 and earlier contains a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control, potentially bypassing security restrictions on protected functionality. The vulnerability stems from improper access control checks and affects a widely-distributed WordPress plugin used for news content management within Elementor page builder environments. While CVSS scoring is unavailable, the EPSS score of 0.07% indicates low real-world exploitation probability at time of analysis, and no public exploit code or active exploitation has been confirmed.

Missing authorization controls in CreativeMindsSolutions CM Pop-Up banners WordPress plugin versions 1.8.4 and earlier allow unauthenticated attackers to bypass access control restrictions and exploit incorrectly configured security levels. The vulnerability stems from improper implementation of access control checks on sensitive functionality, enabling attackers to perform unauthorized actions through direct API or parameter manipulation without requiring valid credentials or proper authorization validation.

Missing authorization in SMTP2GO WordPress plugin versions through 1.12.1 allows unauthenticated attackers to exploit incorrectly configured access control mechanisms to bypass authentication and gain unauthorized access to SMTP2GO functionality. The vulnerability stems from broken access control rather than a cryptographic or input validation flaw, enabling attackers to interact with protected endpoints without proper privilege verification. While EPSS scoring indicates low exploitation probability (0.05%, percentile 17%), the nature of access control bypass vulnerabilities means real-world risk depends heavily on what sensitive operations are exposed.

Missing authorization controls in favethemes Houzez WordPress theme through version 4.0.4 allow unauthenticated attackers to bypass access control restrictions and access resources they should not be permitted to view. The vulnerability stems from incorrectly configured access control security levels that fail to properly validate user permissions before granting access to sensitive functionality. With an EPSS score of 0.05% (17th percentile), real-world exploitation risk is low despite the vulnerability's presence in a popular real estate theme.

Missing authorization controls in themeisle Hestia WordPress theme through version 3.2.10 allow unauthenticated attackers to access functionality that should be restricted by access control lists, enabling potential unauthorized actions within affected WordPress installations. The vulnerability has a low exploitation probability (EPSS 0.06%) and no confirmed active exploitation or public exploit code at time of analysis.

Missing authorization controls in Chatbox Manager WordPress plugin versions 1.2.5 and earlier allow unauthenticated or low-privileged attackers to bypass access control restrictions and exploit incorrectly configured security levels. The vulnerability stems from improper implementation of role-based access checks, potentially enabling unauthorized users to access or modify sensitive chatbox functionality. With an EPSS score of 0.05% and no evidence of active exploitation, this is a lower-priority vulnerability suitable for routine patching cycles.

Missing authorization controls in the Stop and Block Bots plugin (Anti bots) for WordPress through version 1.48 allows attackers to access functionality that should be restricted by access control lists, enabling unauthorized administrative operations without proper authentication. The vulnerability is classified as broken access control (CWE-862) with low exploitation probability (EPSS 0.06%) and no confirmed active exploitation.

Missing authorization controls in the Real Estate Property 2024 Create Your Own Fields and Search Bar WordPress plugin (versions up to 4.48) permit unauthenticated or low-privileged users to access functionality and data intended for higher privilege levels. The vulnerability stems from inadequately configured access control checks on plugin endpoints, allowing attackers to bypass intended security boundaries. With an EPSS score of 0.05% (17th percentile), real-world exploitation risk is minimal, and no public exploit code or active exploitation has been identified.

Arbitrary file deletion in Malcure Malware Scanner for WordPress (versions ≤17.0) permits authenticated attackers with Subscriber-level privileges to delete critical system files via wpmr_delete_file() function lacking capability checks. Exploitation enables path traversal to wp-config.php or other core files, creating conditions for remote code execution through redeployment of malicious files. Vulnerability active only when plugin's advanced mode enabled. Affects authenticated low-privilege users (PR:L). No public exploit identified at time of analysis.

Remote code execution via arbitrary plugin upload in Alone - Charity Multipurpose Non-profit WordPress Theme up to version 7.8.3 allows unauthenticated attackers to upload malicious zip files containing webshells through the alone_import_pack_install_plugin() function, achieving complete server compromise. This critical vulnerability (CVSS 9.8) stems from missing capability checks, enabling attackers to bypass all authentication requirements. No public exploit identified at time of analysis, though the attack is technically straightforward given the unauthenticated attack vector and low complexity (AC:L).

AIOHTTP versions prior to 3.12.14 contain a request smuggling vulnerability in the Python parser that fails to properly parse HTTP trailer sections, allowing attackers to bypass firewalls and proxy protections when the pure Python implementation is used. This vulnerability affects deployments running AIOHTTP without C extensions or with AIOHTTP_NO_EXTENSIONS enabled, enabling HTTP request smuggling attacks with high integrity impact. The vulnerability has a CVSS score of 7.5 (High) and is unauthenticated, network-accessible, and requires no user interaction.

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the function fileUpload of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

CVE-2024-51767 is an authentication bypass vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to gain unauthorized access to the application with limited impact on confidentiality, integrity, and availability. The vulnerability has a CVSS score of 7.3 (High) with a network-accessible attack vector requiring no privileges or user interaction, making it trivially exploitable. While specific KEV status and EPSS data are not provided in the available intelligence, the authentication bypass nature combined with the low attack complexity indicates this vulnerability likely poses a moderate-to-high real-world risk to unpatched HPE APLS installations.

A path traversal vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7574 is a critical authentication bypass vulnerability in LB-LINK wireless router web interfaces affecting multiple models (BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000) up to version 20250702. The vulnerability in the /cgi-bin/lighttpd.cgi reboot/restore functions allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact (CVSS 9.8). A public exploit has been disclosed, the vendor has not responded to responsible disclosure efforts, and the attack requires no user interaction or special network conditions.

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.