29 matches found
EUVD-2026-14266
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories being accessible. It is...
CVE-2021-47709
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2025-41748
Summary (CVE-2025-41748): A reflected XSS vulnerability in the web application module pxc_Dot1xCfg.php allows an unauthenticated attacker to trick an authenticated user into clicking a malicious link that changes device configuration parameters via the web-based management interface (WBM). The im...
EUVD-2005-3658
Malware in sbrugna...
EUVD-2023-54320
Malicious code in bioql PyPI...
GHSA-438M-6MHW-HQ5W Mautic vulnerable to secret data extraction via elfinder
Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...
CVE-2025-9822
Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...
CVE-2025-9822 Secret data extraction via elfinder
Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...
CVE-2023-30640
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration...
Zexeron ZWX-2000CSW2-HN security vulnerability
The Zexeron ZWX-2000CSW2-HN is a high-speed coaxial modem from Zexeron Corporation of Japan. A security vulnerability exists in the Zexeron ZWX-2000CSW2-HN prior to version 0.3.15, which originates from the use of hard-coded credentials that could allow a network-adjacent attacker with...
CVE-2023-2418
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. Exploitation is reported to be difficult. The...
CVE-2022-4264 Incorrect privilege assignment in M-Files Web Server
Incorrect Privilege Assignment in M-Files Web Classic in M-Files before 22.8.11691.0 allows low privilege user to change some configuration...
KPN Experia WiFi security vulnerability
KPN Experia WiFi is a wireless Internet access device. A security vulnerability exists in KPN Experia WiFi, which can be exploited by an authenticated, remote attacker to change the device configuration and enable remote code execution...
Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885)
Summary IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. Vulnerability Details CVEID: CVE-2020-4885 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2...
CVE-2021-3141
In Unisys Stealth core before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration...
Apache Accumulo security vulnerability
Apache Accumulo is a reliable, scalable, high-performance sorted distributed Key-Value storage application from the Apache Foundation. An access control error vulnerability exists in Apache Accumulo versions 1.5.0 through 1.10.0 and 2.0.0 due to an authenticated user failing to properly check the...
CVE-2020-26830
SAP Solution Manager 7.2 User Experience Monitoring, version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. Thes...
CVE-2020-15102
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0...
CVE-2020-3148
A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...