Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22805 1 Ls-electric 2 Xbc-dn32u, Xbc-dn32u Firmware 2025-01-16 6.5 Medium
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.
CVE-2023-22807 1 Ls-electric 2 Xbc-dn32u, Xbc-dn32u Firmware 2025-01-16 9.8 Critical
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol.
CVE-2023-0347 1 Akuvox 2 E11, E11 Firmware 2025-01-16 7.5 High
The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud.
CVE-2023-1138 1 Deltaww 1 Infrasuite Device Master 2025-01-16 7.5 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials.
CVE-2023-1751 1 Getnexx 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more 2025-01-16 7.5 High
The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.
CVE-2023-1968 1 Illumina 22 Iscan, Iscan Firmware, Iseq 100 and 19 more 2025-01-16 10 Critical
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.
CVE-2023-31241 2 Control4, Snapone 13 Ca-1, Ca-10, Ea-1 and 10 more 2025-01-16 8.6 High
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
CVE-2023-25183 1 Snapone 2 Orvc, Ovrc-300-pro 2025-01-16 8.3 High
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.
CVE-2024-12008 1 Boldgrid 1 W3 Total Cache 2025-01-16 5.3 Medium
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.
CVE-2023-4215 1 Advantech 1 Webaccess 2025-01-16 6.5 Medium
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CVE-2023-45228 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2025-01-16 6.5 Medium
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.
CVE-2023-46661 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 9.8 Critical
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
CVE-2023-46662 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 7.5 High
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
CVE-2023-46663 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 7.5 High
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
CVE-2023-46664 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 7.5 High
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
CVE-2023-46665 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 9.8 Critical
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
CVE-2021-25748 1 Kubernetes 1 Ingress-nginx 2025-01-16 7.6 High
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
CVE-2021-25749 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2025-01-16 7.8 High
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
CVE-2023-1174 2 Apple, Kubernetes 2 Macos, Minikube 2025-01-16 9.8 Critical
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.
CVE-2023-2845 1 Fit2cloud 1 Cloudexplorer Lite 2025-01-16 8.1 High
Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.