
17 matches found

Patchstack
added 2026/04/17 2:16 a.m. | 3 views

WordPress Canto plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability discovered by Legion Hunter in WordPress Plugin Canto versions <= 3.1.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/07 7:22 a.m. | 3 views

CVE-2026-1086

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the...

CVSS 4.3 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 4
ATTACKERKB
added 2025/11/06 10:15 p.m. | 1 views

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVSS 7.1 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2020-1532

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00013
Exploits: 0 | References: 2
NVD
added 2024/05/07 5:15 a.m. | 9 views

CVE-2024-20872

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE...

CVSS 6.2 | AI score 6.1 | EPSS 0.00089
Exploits: 0 | References: 1
Cvelist
added 2024/05/07 4:29 a.m. | 12 views

CVE-2024-20872

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE...

CVSS 6.2 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 1
ATTACKERKB
added 2022/05/02 1:12 p.m. | 1 views

CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...

CVSS 6.5 | AI score 5.6 | EPSS 0.0018
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2021/02/10 12:0 a.m. | 13 views

WordPress Responsive Menu plugin <= 4.0.3 - Cross-Site Request Forgery (CSRF) leading to Setting Modification vulnerability

Cross-Site Request Forgery (CSRF) leading to Setting Modification vulnerability found by WordFence in WordPress Responsive Menu plugin versions <= 4.0.3. Solution: Update the WordPress Responsive Menu plugin to the latest available version (at least 4.0.4)...

AI score 3.5
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/05/14 8:8 p.m. | 11 views

CVE-2020-0024

In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

AI score 7.9 | EPSS 0.00013
Exploits: 0 | References: 1
CVE
added 2020/05/14 8:8 p.m. | 48 views

CVE-2020-0024

CVE-2020-0024 affects Android 8.0–10 in SettingsBaseActivity.java via a permissions bypass in onCreate, enabling local escalation of privilege. Exploitation requires user interaction and does not require initial execution privileges, per the NVD entry. Affected products are Android 8.0/8.1/9/10; ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/08/30 12:41 p.m. | 13 views

CVE-2019-15821

The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data...

AI score 7.6 | EPSS 0.0031
Exploits: 0 | References: 3
Tenable Nessus
added 2019/05/08 12:0 a.m. | 22 views

Rockwell Automation Micrologix 1400 <= 21.2 Master Password Leak

Binary data 720219.prm...

CVSS 10 | AI score 7 | EPSS 0.42565
Exploits: 1 | References: 2
Prion
added 2018/04/05 9:29 p.m. | 15 views

Improper access control

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

CVSS 7.5 | AI score 9.2 | EPSS 0.36951
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2018/04/05 9:0 p.m. | 66 views

CVE-2017-14471

CVE-2017-14471 concerns an unauthenticated access-control vulnerability in the Allen-Bradley MicroLogix 1400 Series B FRN 21.2 and prior, affecting data, program, and function file permissions. A crafted network packet can trigger read/write operations that disclose sensitive information or modif...

CVSS 10 | AI score 9.2 | EPSS 0.42565
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/04/05 9:0 p.m. | 22 views

CVE-2017-14462

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

CVSS 10 | AI score 9.4 | EPSS 0.36951
Exploits: 1 | References: 1
UbuntuCve
added 2016/09/11 9:59 p.m. | 29 views

CVE-2016-3886

systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438...

CVSS 7.2 | AI score 6.8 | EPSS 0.00025
Exploits: 0 | References: 3
Prion
added 2014/11/05 11:55 a.m. | 13 views

Code injection

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...

CVSS 7.5 | AI score 7.2 | EPSS 0.00657
Exploits: 0 | References: 2 | Affected Software: 1