Zyxel GS1900 Security Vulnerability
The Zyxel GS1900 is a managed switch from Taiwan-based Zyxel. A security vulnerability exists in the Zyxel GS1900-24EP V2.70 ABTO.5 firmware version, which arises from improper privilege management that allows an authenticated local user with read-only access to modify system settings on the...
CVE-2023-4920 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobesaveoptions function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged...
CVE-2023-4153
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
CVE-2023-2352
The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chpabdaction function. This makes it possible for unauthenticated attackers to update or reset plugin...
PT-2023-20579 · WordPress · Kivicare
Name of the Vulnerable Software and Affected Versions: KiviCare WordPress plugin versions prior to 3.2.1 Description: The issue concerns improper CSRF and authorization checks in various AJAX actions within the KiviCare WordPress plugin. This allows any authenticated user, including those with...
CVE-2023-31411
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App...
CVE-2020-36697
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...
CVE-2023-2303
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin...
CVE-2023-2303 Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-1750
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information...
Multiple Nexx Products Security Vulnerability
Nexx Garage Door Controller and others are products of Nexx Corporation. Nexx Garage Door Controller is a garage door controller. Nexx Smart Plug is a smart plug. Nexx Smart Alarm is a smart alarm. A security vulnerability exists in the Nexx Smart Home devices that stems from a lack of proper access...
Atlassian Jira 7.13.0 < 7.13.6 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.6 or 8.0.0 prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - An issue which permits remote attackers to trigger garbage collection v...
SUSE CVE-2007-3532
NVIDIA drivers nvidia-drivers before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service crash or physical video...
SUSE CVE-2021-40325
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
Italtel NetMatch-S CI Security Vulnerability
Italtel NetMatch-S CI is Italtel's first "In-Cloud" SBC designed for deployment in data center/cloud environments in accordance with emerging IT practices and telecom specifications NFV. A security vulnerability exists in Italtel NetMatch-S CI version 5.2.0-20211008, which stems from improper...
CVE-2022-37918
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
WordPress plugin VR Calendar Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
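The WordPress entries above (BEAR, BAN Users, CHP Ads Block Detector, KiviCare, WP GDPR, vcita, Follow Me Plugin, VR Calendar) all describe one of two defects in a settings-saving callback: no nonce check, so a forged cross-site request from a logged-in administrator's browser reaches the handler (CSRF), or no capability check, so any authenticated user such as a subscriber can call it directly (privilege escalation). Where the saved value is later echoed unescaped, either defect becomes stored XSS. The PHP below is an added example, not code from any of the listed plugins: a hypothetical AJAX handler written the vulnerable way next to the hardened form. Plugin slug, option name, action names and field names are assumptions, and it is meant to be read in the context of a WordPress runtime.

```php
<?php
/**
 * Added example (not code from any plugin in the listing above).
 * Hypothetical plugin slug "demo", option "demo_plugin_settings",
 * AJAX actions "demo_save_settings_vuln" / "demo_save_settings".
 */

// --- Vulnerable: the pattern the advisories describe --------------------------
// wp_ajax_* runs for any logged-in user, so a subscriber can call this directly.
// With no nonce, a forged request riding an administrator's session also
// reaches it. The value is stored raw, so whoever can write it can plant
// markup that renders later (stored XSS).
add_action( 'wp_ajax_demo_save_settings_vuln', 'demo_save_settings_vuln' );
function demo_save_settings_vuln() {
    $settings = array(
        'banner_html' => $_POST['banner_html'], // attacker-controlled, unsanitised
    );
    update_option( 'demo_plugin_settings', $settings );
    wp_send_json_success();
}

// --- Hardened -----------------------------------------------------------------
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings' );
function demo_save_settings() {
    // 1. CSRF: the request must carry a nonce minted for this action and this
    //    user. check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'demo_save_settings', 'nonce' );

    // 2. Authorization: a nonce proves intent, not privilege. Any user who can
    //    load a page that mints the nonce can replay it, so the capability
    //    check is separate and mandatory.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Input handling: restrict stored markup to WordPress's post allow-list
    //    so a later echo of the option cannot become stored XSS.
    $banner   = isset( $_POST['banner_html'] ) ? wp_unslash( $_POST['banner_html'] ) : '';
    $settings = array(
        'banner_html' => wp_kses_post( $banner ),
    );
    update_option( 'demo_plugin_settings', $settings );
    wp_send_json_success();
}

// The admin form that submits to the hardened handler must mint the matching
// nonce; the field name "nonce" matches the second argument of
// check_ajax_referer() above.
function demo_settings_form_fields() {
    echo '<input type="hidden" name="action" value="demo_save_settings">';
    echo '<input type="hidden" name="nonce" value="'
        . esc_attr( wp_create_nonce( 'demo_save_settings' ) ) . '">';
    echo '<textarea name="banner_html"></textarea>';
}

// Defence in depth: escape on output as well, never trusting stored data.
function demo_render_banner() {
    $settings = get_option( 'demo_plugin_settings', array() );
    echo wp_kses_post( isset( $settings['banner_html'] ) ? $settings['banner_html'] : '' );
}
```

The split between step 1 and step 2 is the point most of the listed advisories turn on: a plugin that adds only a nonce still lets a subscriber save settings, and a plugin that adds only a capability check is still exposed to a forged request from an administrator's browser. Handlers reachable without login (wp_ajax_nopriv_*, admin_post_nopriv_*, or a directly requested file such as the vcita-callback.php named above) should not be able to modify settings at all.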
Cross-site request forgery (CSRF)
A vulnerability in Pega Platform versions 8.3 through 8.7.3 may allow authenticated security administrators to alter CSRF settings directly...