10 matches found
EUVD-2026-12629
An issue was discovered in SpeedExam Online Examination System SaaS after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key...
CVE-2025-25497
CVE-2025-25497 concerns Netsweeper Server prior to 8.2.7. The issue lies in the account management interface where client-side restrictions and missing server-side validation allow unauthorized changes to the "Account Owner" field, enabling account ownership reassignment to or away from any user....
Security feature bypass
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...
CVE-2024-0701
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...
CVE-2024-0701 UserPro <= 5.1.6 - Disabled Membership Registration Bypass
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...
UserPro < 5.1.7 - Disabled Membership Registration Bypass
Description The plugin is vulnerable to Security Feature Bypass, due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings, allowing unauthenticated attackers to register an account even when account registration has...
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3...
OpenEMR < 7.0.1 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...
Cross-site Scripting (XSS) - Generic in utmsigep/member-directory
✍️ Description Administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️‍♂️ Proof of Concept Member-status Creation and Update - Directory Admin - Member Statuses - Create New Member Status - Code: Enter a string, Label: Enter...
Buffalo LinkStation 1.34 / 1.69 / 1.70 Authentication Bypass
Advisory: Buffalo LinkStation Authentication Bypass An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage NAS device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the...