Search Results (4509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-8863 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more 2026-06-10 7.8 High
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
CVE-2024-49076 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-06-09 7.8 High
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2024-38124 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2026-06-09 9 Critical
Windows Netlogon Elevation of Privilege Vulnerability
CVE-2024-38139 1 Microsoft 1 Dataverse 2026-06-09 8.7 High
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2026-41720 1 Spring 1 Spring Ldap 2026-06-09 7.4 High
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3.
CVE-2026-11618 1 Dtstack 1 Taier 2026-06-09 7.3 High
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
CVE-2026-6274 1 Dts Electronics 1 Redline Wr3200 2026-06-08 9.8 Critical
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8.
CVE-2026-34123 1 Tp-link 1 Tapo C520ws V2 2026-06-08 N/A
On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass whitelist restrictions, allowing restricted operations to be masked as permitted requests and executed. Successful exploitation may allow an attacker (with access to a restricted account) to execute unauthorized sensitive operations.  Depending on the operation invoked, impact could include device resets, unintended configuration changes, or disruption of normal operation, leading to loss of availability and integrity of the device.
CVE-2026-49197 1 Acer 2 Predator Connect W6x, Predator Connect W6x Firmware 2026-06-08 9.8 Critical
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
CVE-2026-11345 1 Linqi 1 Linqi 2026-06-05 N/A
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided. While this flaw allows bypassing the intended authorization check, the actual security impact is negligible; the exposed resources are strictly limited to minified JavaScript and CSS files that contain no sensitive data and are already publicly accessible via a standard CDN.
CVE-2017-14032 2 Arm, Trustedfirmware 2 Mbed Tls, Mbed Tls 2026-06-05 N/A
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
CVE-2026-34873 2 Mbed-tls, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 9.1 Critical
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
CVE-2023-5502 1 Arista 1 Eos 2026-06-05 5.9 Medium
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.
CVE-2025-7630 1 Doruk Communication And Automation Industry And Trade Inc. 1 Wispotter 2026-06-05 5.3 Medium
Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force. This issue affects Wispotter: from 1.0 before v2025.10.08.1.
CVE-2026-49186 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 9.8 Critical
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.
CVE-2026-49191 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 9.8 Critical
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.
CVE-2026-49194 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 8.8 High
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.
CVE-2026-49203 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 8.3 High
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.
CVE-2026-49202 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 8.6 High
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.
CVE-2025-10463 1 Birtech Information Technologies Industry And Trade 1 Senseway 2026-06-05 7.3 High
Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse. This issue affects Senseway: through 09022026.  NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.