Search Results (2475 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45205 1 Ui 1 Unifi 2026-04-15 N/A
An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later).
CVE-2024-30479 1 Lionscripts 1 Ip Blocker Lite 2026-04-15 5.3 Medium
Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass.This issue affects IP Blocker Lite: from n/a through 11.1.1.
CVE-2025-11043 1 Br-automation 2 Automation Studio, Studio 2026-04-15 7.4 High
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.
CVE-2023-48753 2 10up, Wordpress 2 Restricted Site Access, Wordpress 2026-04-15 5.3 Medium
Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1.
CVE-2025-48937 2026-04-15 4.9 Medium
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0.
CVE-2024-46957 1 Mellium 1 Xmpp 2026-04-15 9.8 Critical
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.
CVE-2024-43107 2026-04-15 7.2 High
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.
CVE-2025-11955 2 Microsoft, Thegreenbow 6 Windows, Ipsec Vpn Client, Thegreenbow Vpn Client and 3 more 2026-04-15 N/A
Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
CVE-2024-39337 2026-04-15 6.5 Medium
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.
CVE-2024-5445 2026-04-15 3.8 Low
Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.
CVE-2025-31122 2026-04-15 N/A
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field.
CVE-2024-37016 1 Mengshen 1 M70 2026-04-15 6.8 Medium
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach.
CVE-2024-37015 1 Adacore 1 Ada Web Services 2026-04-15 7.4 High
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.
CVE-2023-47435 2026-04-15 9.8 Critical
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages.
CVE-2024-5443 1 Parisneo 1 Lollms 2026-04-15 N/A
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by the `data.category` and `data.folder` parameters accepting empty strings (`""`), which, due to inadequate input sanitization, can lead to the construction of a `package_path` that points to the root directory. Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. The vulnerability affects versions up to 5.9.0, and has been addressed in version 9.8.
CVE-2024-4762 1 Lenovo 2 Accessories And Display Manager, Display Control Center 2026-04-15 7.8 High
An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.
CVE-2025-44018 1 Gl-inet 1 Gl-axt1800 2026-04-15 8.3 High
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2025-12047 1 Lenovo 1 Scanner Pro 2026-04-15 5.3 Medium
A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.
CVE-2025-31511 2026-04-15 7.3 High
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the following build numbers: 4.1.12.2.1.19, 4.1.12.5.2.36, 4.1.13.0.60, 4.1.13.2.0.3.39, 4.1.13.2.0.3.41, 4.1.13.2.42, 4.1.13.2.25.44, 4.1.14.0.13, 4.1.14.0.43, 4.1.14.0.48, and 4.1.14.1.5.32.
CVE-2025-40744 1 Siemens 1 Solid Edge Se2025 2026-04-15 7.5 High
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.