CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

JLSEC-2026-278

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

EUVD-2026-16095

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2026-2931 Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

PT-2026-28198

Name of the Vulnerable Software and Affected Versions Amelia Booking plugin for WordPress versions up to 9.1.2 Description The Amelia Booking plugin for WordPress is susceptible to Insecure Direct Object References. The plugin allows user-controlled access to objects, potentially enabling a user ...

PT-2026-7862

Name of the Vulnerable Software and Affected Versions BrightSign players versions prior to 8.5.53.1 series 4 BrightSign players versions prior to 9.0.166 series 5 Description BrightSign players utilize a default password that can be easily guessed if device information is known. This allows...

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

EUVD-2020-31048

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37008

CVE-2020-37008 affects EasyPMS 1.0.0. The vulnerability is an authentication bypass that lets unprivileged users manipulate SQL queries in JSON requests by injecting single quotes in ID parameters, allowing access to admin user information and potential modification of admin passwords without pro...

CVE-2021-47754

Arunna 1.0.0 is affected by a cross-site request forgery (CSRF) vulnerability (CVE-2021-47754). The issue allows an attacker to manipulate user profile settings without authentication by tricking an authenticated user into submitting a malicious form, enabling changes to user details such as pass...

CVE-2020-36906

The connected documents jointly confirm a cross-site request forgery (CSRF) vulnerability in P5 FNIP-8x16A and FNIP-4xSH devices running version 1.0.20. The root cause is a CSRF flaw that allows an attacker to trigger administrative actions without user consent by forcing an authenticated user to...

CVE-2020-36906 P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

PT-2026-1441

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

EUVD-2023-60231

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

WordPress plugin Truelysell Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2024-23543

Malicious code in bioql PyPI...

EUVD-2024-23544

Malicious code in bioql PyPI...