1072 matches found
CVE-2023-23594
An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...
CVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...
CVE-2021-33850
There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page...
CVE-2021-32930
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView versions prior to v5.7.03.6182...
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
CVE-2020-25058
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The networkmanagement service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020)...
CVE-2020-8352
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes...
CVE-2019-20459
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS...
CVE-2019-10307
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users...
CVE-2015-3028
McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters...
CVE-2018-4072
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...
CVE-2019-8123
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track...
Lantronix Device installer Code Issue Vulnerability
Lantronix Device installer is a device installer from Lantronix USA. A code issue vulnerability exists in Lantronix Device installer version 4.4.0.7 and prior versions, which stems from an XML external entity attack in a configuration file that could lead to credential disclosure and configuratio...
CVE-2009-0621
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or...
CVE-2009-0616
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."...
CVE-2009-0620
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access...
Tenda RX2 Pro Access Control Error Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. An Access Control Error vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which stems from a lack of access control in the ate management binary, and can be exploited by an attacker to cause unauthorized...
PT-2025-19709 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.6.0 and earlier. Description: The issue is related to improper access control in the PAM feature, allowing a PAM user to self-approve their PAM requests even if disallowed by the configured policy. This can b...
PT-2025-19798 · IBM · IBM Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 11.5.0 through 11.5.9; IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 12.1.0 through 12.1.1. Description: The issue could allow an authenticated...
Tenda RX2 Pro Security Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. An Access Control Error vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which stems from a lack of access control in the ate management binary, and can be exploited by an attacker to cause unauthorized...