CVE-2025-30138
An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract...
A vulnerability in the Smart IP Ban module for the Drupal CMS allows an attacker to view and modify settings.
The vulnerability in the Smart IP Ban module for the Drupal CMS stems from deficiencies in the authentication mechanism. Exploiting it allows a malicious actor to remotely view and modify settings...
CVE-2024-12511
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2025-0939
The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...
PT-2025-2165 · WordPress · Ni Sales Commission For Woocommerce
Name of the Vulnerable Software and Affected Versions: Ni Sales Commission For WooCommerce plugin for WordPress versions up to, and including, 1.2.4 Description: The issue is related to unauthorized access due to a missing capability check on the "niwoosc ajax" AJAX endpoint. This allows...
PT-2025-1817 · WordPress · Lazyload Background Images
Name of the Vulnerable Software and Affected Versions: LazyLoad Background Images plugin for WordPress versions up to and including 1.0.7 Description: The issue arises from a missing capability check on the pblzbg save settings function, allowing authenticated attackers with Subscriber-level acce...
PT-2024-16370 · WordPress · Ti Woocommerce Wishlist
Name of the Vulnerable Software and Affected Versions: TI WooCommerce Wishlist plugin for WordPress versions prior to 2.9.2 Description: The issue concerns a missing capability check in the wizard function, allowing unauthenticated attackers to create new pages, modify plugin settings, and perfor...
CVE-2024-41968
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS...
Quick Heal Antivirus Pro security vulnerability
Quick Heal Antivirus Pro is an antivirus software from Quick Heal India. A security vulnerability exists in Quick Heal Antivirus Pro version 24.1.0.182 and prior versions, which stems from the presence of faulty access control that allows an authenticated attacker with low-level privileges to...
CVE-2024-48293
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings...
PT-2024-39873 · Unknown · Ventilator
Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The issue allows for an unlimited number of failed login attempts with the Clinician Password or the Serial Number Clinician Password. This enables an attacker to perform a brute-force...
PT-2024-10843 · WordPress · Indeed Membership Pro
Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...
CVE-2024-41941
A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization...
CVE-2024-6895
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...
CVE-2024-6895
CVE-2024-6895 affects Yugabyte Platform: Insufficient authentication in user account management could allow a local-network attacker with a compromised session to change critical security settings (e.g., password, email) without re-authenticating, enabling account takeover. Exploitation details a...
PT-2024-31208 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: The Salon booking system plugin for WordPress versions up to, and including, 9.9 Description: The issue allows unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init. This...
CVE-2024-5607
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...
CVE-2024-4426
The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slid...