CVE-2026-40623

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchd...

CVE-2026-32678

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

CVE-2026-32678

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVE-2025-13510

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings...

CVE-2025-13510

CVE-2025-13510 (Iskra iHUB / iHUB Lite) is a real vulnerability where the web management interface is exposed without authentication, allowing unauthenticated access to modify critical device settings. Affected product family: Iskra iHUB and iHUB Lite smart metering gateways. Root cause: missing ...

CVE-2025-13510 Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings...

CVE-2025-13510 Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings...

PT-2025-48770

Name of the Vulnerable Software and Affected Versions Iskra iHUB and iHUB Lite affected versions not specified Description The Iskra iHUB and iHUB Lite smart metering gateway’s web management interface is accessible without authentication. This allows unauthenticated users to access and modify...

EUVD-1999-0564

Malware in sbrugna...

CVE-2025-30138

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract...

Incorrect Authorization

org.apache.pulsar, pulsar-broker is vulnerable to Incorrect Authorization. The vulnerability exists due to inadequate access controls to modify topic-level policies. Only users with the tenant admin or super user role should be permitted to perform such management operations, allowing authenticat...

Authentication flaw

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings ADB debug...

CVE-2018-7245

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server Port 80/443/TCP of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or...

Cross site request forgery (csrf)

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...

CVE-2005-1932

Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and 1 modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, 2 close, open, or respond to arbitrary support tickets via the close, open, or...