19 matches found
CVE-2018-25174
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to configurarperfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and...
CVE-2025-40736
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...
EUVD-2025-35060
TastyIgniter vulnerable to Cross-Site Scripting...
CVE-2025-61417
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...
EUVD-2015-3036
Malware in sbrugna...
EUVD-2014-2237
Malware in sbrugna...
EUVD-2022-30034
Malicious code in bioql PyPI...
EUVD-2022-41160
Malicious code in bioql PyPI...
Incorrect Authorization
Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Incorrect Authorization via incomplete role-based checks in the checkproxyadminvieweraccess function. An attacker can modify user credentials by sending crafted requests to...
CVE-2024-37649
Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials...
PT-2024-27699 · Unknown · Securestation
Name of the Vulnerable Software and Affected Versions: SecureSTATION versions 2.5.5.3116-S50-SMA-B20160811A and before. Description: The issue allows a physically proximate attacker to obtain sensitive information via the modification of user credentials. This is due to an Insecure Permissions...
CVE-2022-38583
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the...
CVE-2022-25363
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
PT-2022-17241 · Watchguard · Watchguard Firebox +1
Name of the Vulnerable Software and Affected Versions: WatchGuard Firebox and XTM appliances versions prior to 12.1.3 U8; WatchGuard Firebox and XTM appliances versions 12.2.x through 12.5.x before 12.5.9 U2; WatchGuard Firebox and XTM appliances versions prior to 12.7.2 U2. Description: The issue...
Sitel CAP/PRX trust management issue vulnerability
Sitel CAP/PRX is an operating system from Sitel France. It is used for central processing units that have a 180MHz ARM9 architecture. A trust management issue vulnerability exists in SITEL CAP/PRX firmware version 5.2.01, which arises from the use of hard-coded passwords, and can be exploited by ...
WordPress WooCommerce PayPal Checkout Payment Gateway plugin input validation error vulnerability (CNVD-2019-31166)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An input validation error vulnerability exists in the WordPress WooCommerce PayPal Checkout Payment Gateway...
Arbitrary Account Password Reset Vulnerability in Hongyi Environmental Protection Android APP
Hongyi Environmental Android APP is an air purifier management tool. There is an arbitrary account password reset vulnerability in Hongyi Environmental Protection Android APP. After logging into the system, an attacker can reset any password by grabbing packets and modifying them through the forg...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in adm/adminedit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials...
CVE-2011-5298
Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in streamfilterrule JSON da...