CVE-2024-9586
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checkauth' and 'checklogout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2024-8892
CVE-2024-8892 affects CIRCUTOR TCP2RS+ firmware v1.3b. A vulnerability allows an unauthenticated attacker to modify any configuration value by sending packets to UDP port 2000, deconfiguring the device and making it unusable. The device is described as end-of-life. Mitigation from PT-2024-39304 s...
CVE-2024-8889
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8751
The CVE-2024-8751 entry concerns SICK MSC800 (and MSC800 LFT) with a vulnerability that allows an unauthenticated attacker to modify the device IP via Sopas ET, potentially causing a Denial of Service. Affected versions are MSC800 prior to V4.26 and MSC800 LFT prior to S2.93.20. Remediation is to...
CVE-2024-0619
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the paymentcallback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...
CVE-2024-5382
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...
OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS
Description: The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used t...
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
CVE-2023-50443
Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 ANSSI qualification submission or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are open...
CVE-2023-50440
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 ANSSI qualification submission; ZED! for Windows before Q.2021.2 ANSSI qualification submission; ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission; ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows...
CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...
Authentication flaw
An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on specific port...
Unspecified vulnerability in WordPress motors-car-dealership-classified-listings
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the includes/options.php file in WordPress...
Exploit for Path Traversal in WordPress
CodePath Week 7-8 CodePath Assignment for Weeks 7 & 8: CVE...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...