Lucene search
+L

131 matches found

EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10458

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.11 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management, etc.. Previous versions...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 8:47 a.m.3 views

BIT-MONGODB-2026-25609 profile command may permit unauthorized configuration

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only...

5.4CVSS5.4AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 4:24 p.m.11 views

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

5.1CVSS0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.9 views

PT-2026-21531

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...

5.1CVSS5.1AI score0.00102EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.9 views

CVE-2026-2504

The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.7. The admin nonce DEALIAADMINNONCE is exposed to all users with editposts capability...

4.3CVSS5.9AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.42 views

CVE-2026-2504 Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset

The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.7. The admin nonce DEALIAADMINNONCE is exposed to all users with editposts capability...

4.3CVSS0.00208EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/10 6:39 p.m.4 views

CVE-2026-25609 profile command may permit unauthorized configuration

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only...

5.4CVSS5.5AI score0.00173EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/02/10 6:39 p.m.9 views

profile command may permit unauthorized configuration

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only...

5.4CVSS5.5AI score0.00173EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/10 6:39 p.m.26 views

CVE-2026-25609 profile command may permit unauthorized configuration

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only...

5.4CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 6:39 p.m.61 views

CVE-2026-25609

CVE-2026-25609 relates to a MongoDB server issue where incorrect validation of the profile command may cause a request that alters the 'filter' to be treated as read-only. The CVSS data indicates moderate severity (CVSS 4.0/3.1 vectors) with network, low complexity, and low privileges required. A...

5.4CVSS5.5AI score0.00173EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/10 6:16 p.m.10 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2CVSS0.00386EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/01/15 4:20 p.m.7 views

CVE-2025-37185

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS6.1AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 4:20 p.m.6 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS5.7AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 4:20 p.m.27 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS0.00223EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 12:17 p.m.7 views

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

3.3CVSS5.8AI score0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 7:5 a.m.2 views

CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

2.9CVSS6.5AI score0.00082EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 8:15 a.m.6 views

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability CVE-2025-1977 that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC Moxa CLI Configuration tool. The issue can be exploited remote...

7.7CVSS0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 7:23 a.m.4 views

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability CVE-2025-1977 that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC Moxa CLI Configuration tool. The issue can be exploited remote...

7.7CVSS6AI score0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

Moxa NPort 6100-G2 Series和Moxa NPort 6200-G2 Series 安全漏洞

The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that originates from an authenticated user with read-only...

7.7CVSS6.3AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder