774 matches found
CVE-2020-37118
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...
CVE-2026-1232
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...
CVE-2026-1232 Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...
Insufficient Granularity of Access Control
Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the favorite-output-definitions-table-proxy API endpoint. An attacker can access or modify configurations without proper authorization by sending requests as an authenticated backend user w...
CVE-2021-33214
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
CVE-2021-31540
Wowza Streaming Engine through 4.8.5 in a default installation has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration...
CVE-2020-10095
Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device...
CVE-2022-35876
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...
CVE-2020-36906
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2025-14346
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user...
GHSA-6H7W-V2XR-MQVW Bagisto Missing Authentication on Installer API Endpoints
Vulnerable Code File: packages/Webkul/Installer/src/Routes/web.php group(function () { Route::controller(InstallerController::class)->group(function () { Route::get('install', 'index')->name('installer.index'); Route::middleware(StartSession::class)->prefix('install/api')->group(function () { Route::post('env-file-setup',...
CVE-2025-61740
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...
CVE-2025-63219
The CVE-2025-63219 issue affects the ITEL ISO FM SFN Adapter, specifically firmware ISO2 2.0.0.0 and WebServer 2.0. The root cause is improper session management on the /home.html endpoint, allowing an unauthenticated user to hijack an active session and potentially control the device and modify ...
CVE-2025-63219
The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...
MAL-2025-188363 Malicious code in npm-publish-cross-env-jest (npm)
Source: amazon-inspector f326fe849575cb4d47994a975a7fe829719b21959ffb49ef1ac24126a1519ae8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187985 Malicious code in mesosphere-bootes-primatology-levels (npm)
Source: amazon-inspector 0a8eb4476e67bc8ba2d8ab0e4bd9d74c8303fd6ff5f358e8668ac8c8457cf414 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189290 Malicious code in run-script-juno-supernova-commitlint (npm)
Source: amazon-inspector 28d5416570aa5bf98628db20b38d6aa688ee1a11743013f75bbbf34b033fb219 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187990 Malicious code in mesosphere-jupiter-sirius-spinner (npm)
Source: amazon-inspector 9644d9c205b35461491024d83d86512d91f81d021787e7443dcc5b68ff0c4ede This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in technosignature-eslint-plugin-deimos-stop (npm)
Source: amazon-inspector 59655cd4ef955dfbcaad401568c4eaa54de4cf841a6588794b7a680f8c055fc6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...