72 matches found
CVE-2025-47529
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget - Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget - Call To Action, Sticky CTA, Floating...
CVE-2023-45766
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through = 4.7.1...
CVE-2022-48615
An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information...
CVE-2018-20334
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...
CVE-2025-45614
Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload...
PT-2025-16332
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...
Exploit for Improper Access Control in Papercut Papercut_Mf
CVE-2023-27350 This PoC demonstrates how it’s possible to byp...
CVE-2025-32246
CVE-2025-32246 concerns a Missing Authorization vulnerability in the WordPress plugin “1-Click Backup & Restore Database” by Tim Nguyen. Affected range is from none specified to 1.0.3. The CVE entry provides a CVSS v3.1 base score of 5.4 (NETWORK, LOW-PRIVILEGES, NONE UI, LOW confidentiality/inte...
CVE-2025-22285
Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pallet Packaging for WooCommerce: from n/a through = 1.1.15...
CVE-2025-30853
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through = 3.10.0...
CVE-2025-31789
Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through = 1.9.1...
CVE-2025-31525
Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu mobile-bottom-menu-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through = 1.4.0...
CVE-2025-2954 mannaandpoem OpenManus File file_saver.py execute access control
A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/filesaver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach th...
Exploit for Improper Authentication in Google Android
h0nkbtexploit Samsung devices are vulnerable to a critical...
D-Link DIR-605L/DIR-618 formSetDomainFilter Function Access Control Error Vulnerability
The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based AUO D-Link. An access control error vulnerability exists in the D-Link DIR-618 version 2.02 and the D-Link DIR-605L version 3.02, which stems from improper access control in the file /goform/formSetDomainFilter, an...
CVE-2025-25523
Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v11.00.023 due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability...
CVE-2023-41848
Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Carousel Slider: from n/a through 2.2.2...
Command Execution Vulnerability in anysec 2nd Generation Firewall System of Shenzhen Zhongke Netway Technology Co. Ltd (CNVD-2024-41199)
Ltd. is a high-tech enterprise focusing on the research, development and production of network security products. Shenzhen Zhongke Networthy Technology Co., Ltd. anysec second-generation firewall system has a command execution vulnerability that can be exploited by an attacker to gain control of...
Cisco Releases Security Updates for IOS XR Software
Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...
VMware Releases Advisory for VMware Tools Vulnerabilities
VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware advisory...