778 matches found
CVE-2025-20972
Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration...
CVE-2025-20972
Samsung Flow is affected by an improper verification of intent in the broadcast receiver in versions prior to 4.9.17.6, enabling local attackers to modify the Flow configuration. The issue is documented across multiple sources, with PT-Security specifying the affected versions and a remediation: ...
Cisco Catalyst Center Access Control Error Vulnerability
Cisco Catalyst Center (Cisco DNA Center) is a network management system from Cisco, USA. An access control error vulnerability exists in Cisco Catalyst Center that stems from a lack of authentication of API endpoints, which could lead to agent configuration modification attacks...
CVE-2024-52976 Elastic Agent Inclusion of Functionality from Untrusted Control Sphere
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations...
PT-2025-18391 · Elastic · Agent
Name of the Vulnerable Software and Affected Versions: Elastic Agent (affected versions not specified)
Description: The issue allows local attackers to execute arbitrary code via parameter injection in the osqueryd subprocess of Elastic Agent. This can happen due to the inclusion of functionality...
PT-2025-17892 · Quantum · Stornext Ryo +2
Name of the Vulnerable Software and Affected Versions: StorNext RYO versions prior to 7.2.4; StorNext Xcellis Workflow Director versions prior to 7.2.4; ActiveScale Cold Storage versions prior to 7.2.4
Description: The issue allows access to internal configuration and unauthorized modification of...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-23008
An improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations...
SonicWALL NetExtender Windows client Security Vulnerability
SonicWall NetExtender Windows client is a Windows-based SSL VPN Virtual Private Network client application from SonicWALL USA. A privilege mismanagement vulnerability exists in the SonicWall NetExtender Windows client, which can be exploited by an attacker to modify the configuration and elevate...
PT-2025-15912 · Sonicwall · Sonicwall Netextender Windows
Name of the Vulnerable Software and Affected Versions: SonicWall NetExtender Windows (affected versions not specified)
Description: The issue is related to improper privilege management, allowing a low-privileged attacker to modify configurations in the SonicWall NetExtender Windows client...
umati Gateway Information Disclosure Vulnerability
umati Gateway is an umati open source tool that uses JSON messages to connect OPC UA servers to MQTT agents. An information disclosure vulnerability exists in umati Gateway that stems from the user interface allowing public access, which could result in configurations being viewed and modified...
CVE-2020-10095
Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device...
PT-2025-7273 · Lexmark · Lexmark Devices
Name of the Vulnerable Software and Affected Versions: Lexmark devices (affected versions not specified)
Description: The issue allows an attacker to modify the configuration of the device due to a CSRF vulnerability. This enables the attacker to change device settings, potentially leading to...
CVE-2024-45461
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to acce...
CVE-2022-41876
ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...