40 matches found
ZTE ZXUniPOS NDS-LTE Security Vulnerability
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability stems from cross-site request forgery, which allows attackers to forge cross-site requests using authenticated user sessions, thereb...
EUVD-2026-31131
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...
EUVD-2026-31028
The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...
CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...
CVE-2026-1877
The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
Anritsu Remote Spectrum Monitor
Risk evaluation: Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability. Recommended practices: CISA recommends users take defensive measures to minimize the risk of...
CVE-2026-4309
CVE-2026-4309 concerns NEC Platforms, Ltd. Aterm Series devices with a Missing Authorization vulnerability. The available documents state that an attacker can retrieve specific device information and alter settings over the network. The CVSS metrics indicate a Network attack vector, high attack c...
CVE-2026-27686
Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...
CVE-2026-1775
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...
MAL-2025-66043 Malicious code in wati-buburayam29-sluey (npm)
Source: amazon-inspector b79818122136e0547242625bdfd282cc6e32363b8e97e68aecc95c56f488bb6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12452
The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged...
EUVD-2017-2461
Malware in sbrugna...
EUVD-2021-8064
Malicious code in bioql PyPI...
EUVD-2025-32273
The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious w...
CVE-2025-7684
The CVE-2025-7684 issue is confirmed for the WordPress plugin Last.fm Recent Album Artwork (versions up to and including 1.0.2). The root cause is missing/incorrect nonce validation on lastfm_albums_artwork.php, enabling Cross‑Site Request Forgery that can lead to a Stored Cross‑Site Scripting co...
PaperCut NG < 20.1.8 / 21.x < 21.2.12 / 22.x < 22.1.1 CSRF
The version of PaperCut NG installed on the remote Windows host is affected by a vulnerability. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut MF/NG, which, under specific conditions, could potentially enable an attacker to alter security settings or execute...
CVE-2024-5676
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system...
CVE-2021-20657
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors...
CVE-2025-2110
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticate...
CVE-2024-13521
The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the masoptions function. This makes it possible for unauthenticated attackers to update settings and...