
20 matches found

EUVD
added 2026/04/24 12:31 a.m. · 4 views

EUVD-2026-25354

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

9.2 CVSS · 5.7 AI score · 0.00518 EPSS
Exploits 0 · References 4

CNNVD
added 2026/04/24 12:0 a.m. · 8 views

SenseLive X3050 Security Vulnerability

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability. This vulnerability stems from insufficient verification and security controls during modifications to critical system...

8.1 CVSS · 5.8 AI score · 0.00324 EPSS
Exploits 0 · References 1

CVE
added 2026/04/23 11:58 p.m. · 15 views

CVE-2026-40623

SenseLive X3050 is affected by a vulnerability in its web management interface where insufficient validation of sensitive configuration changes (e.g., IP addressing, watchdog timers, reconnect intervals, and service ports) allows an attacker to modify core behavior and recovery mechanisms. The un...

8.1 CVSS · 5.7 AI score · 0.00324 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2026/04/23 11:54 p.m. · 12 views

CVE-2026-27843

SenseLive X3050 is affected by CVE-2026-27843, where the web management interface permits modification of critical configuration parameters without sufficient authentication or server-side validation. By feeding unsupported or disruptive values to recovery mechanisms and network settings, an atta...

9.2 CVSS · 5.7 AI score · 0.00518 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2026/04/23 11:54 p.m. · 3 views

CVE-2026-27843 SenseLive X3050 Missing authentication for critical function

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

9.2 CVSS · 5.2 AI score · 0.00518 EPSS
Exploits 0 · References 3

EUVD
added 2026/03/27 6:31 a.m. · 3 views

EUVD-2026-16547

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

8.7 CVSS · 7.1 AI score · 0.00319 EPSS
Exploits 0 · References 3

Cvelist
added 2026/03/27 5:25 a.m. · 29 views

CVE-2026-32678

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

8.7 CVSS · 0.00319 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/12/27 12:5 a.m. · 8 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...

6.5 CVSS · 7 AI score · 0.00154 EPSS
Exploits 1 · References 1

OSV
added 2025/12/26 4:15 p.m. · 4 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...

6.5 CVSS · 5.8 AI score · 0.00154 EPSS
Exploits 1 · References 2

Vulnrichment
added 2025/12/26 12:0 a.m. · 2 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...

6.6 AI score · 0.00154 EPSS
Exploits 1 · References 2

CVE
added 2024/12/04 1:6 a.m. · 74 views

CVE-2024-42456

CVE-2024-42456 affects Veeam Backup & Replication. A low-privileged user with a specific role can exploit a method with insufficient permission checks to modify critical configuration settings (e.g., trusted client certificate on a port), potentially allowing calls to privileged methods and init...

8.8 CVSS · 7.1 AI score · 0.0038 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/12/04 1:6 a.m. · 32 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

8.8 CVSS · 0.0038 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/10/29 12:48 p.m. · 14 views

CVE-2024-5823 File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...

6.5 CVSS · 7.3 AI score · 0.00527 EPSS
Exploits 1 · References 2

CVE
added 2024/10/29 12:48 p.m. · 58 views

CVE-2024-5823

A CVE-2024-5823 entry concerns a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. The root cause: an insecure file handling path enables an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security...

9.1 CVSS · 7.1 AI score · 0.00527 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/10/29 12:0 a.m. · 4 views

PT-2024-37185 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt versions <= 20240410
Description: A file overwrite issue exists, allowing unauthorized access to overwrite critical configuration files. This can lead to unauthorized changes in system behavior or security settings...

9.1 CVSS · 6.8 AI score · 0.00527 EPSS
Exploits 1 · References 5

NVD
added 2024/10/24 10:15 p.m. · 18 views

CVE-2024-49359

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v21/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...

7.5 CVSS · 0.00954 EPSS
Exploits 1 · References 2

PyPA
added 2024/07/31 1:15 a.m. · 6 views

PYSEC-2024-73

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

9.1 CVSS · 6.9 AI score · 0.13092 EPSS
Exploits 1 · References 3 · Affected Software 1

Prion
added 2022/01/21 7:15 p.m. · 18 views

Authentication flaw

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...

7.5 CVSS · 9.5 AI score · 0.00945 EPSS
Exploits 0 · References 1 · Affected Software 6

Prion
added 2020/09/24 6:15 p.m. · 19 views

Design/Logic Flaw

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could...

3.6 CVSS · 5.7 AI score · 0.00277 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2006/02/08 2:18 a.m. · 38 views

CVE-2006-0023

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2)...

4.3 CVSS · 6.4 AI score · 0.01283 EPSS
Exploits 0 · References 16