10 matches found

Patchstack
added 2026/05/05 10:31 a.m. | 6 views

WordPress WP Mail Gateway plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Mail Gateway versions <= 1.8...

8.8 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/04/25 11:51 p.m. | 3 views

GHSA-7JM2-G593-4QRC OpenClaw: Agent gateway config mutations could change protected operator settings

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...

6 CVSS | 5.8 AI score
Exploits 0 | References 3

NVD
added 2026/02/11 6:15 a.m. | 3 views

CVE-2025-15400

The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated user, such as a subscriber, to clear API credentials and webhook...

6.5 CVSS | 0.00013 EPSS
Exploits 0 | References 1

CVE
added 2026/02/11 6:0 a.m. | 14 views

CVE-2025-15400

The Pix para Woocommerce WordPress plugin (up to version 2.13.3) has an authenticated AJAX action flaw that resets payment gateway configuration without capability/nonce checks. Any authenticated user (e.g., subscribers) can clear API credentials and webhook status, causing persistent OpenPix pay...

6.5 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 1

OSV
added 2025/04/16 6:16 p.m. | 0 views

CVE-2025-32859

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to...

8.7 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1

CNNVD
added 2025/04/16 12:0 a.m. | 3 views

Siemens TeleControl Server Basic SQL injection vulnerability

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the UpdateWebServerGatewaySettings method, which can be exploited by an attacker to cause...

8.8 CVSS | 8.2 AI score | 0.00045 EPSS
Exploits 0 | References 2

CNNVD
added 2023/08/15 12:0 a.m. | 1 views

Broadcom RAID Controller security vulnerability

The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation. A security vulnerability exists in the Broadcom RAID Controller that stems from a session mismanagement issue in the web interface's Gateway Settings feature, which makes the product vulnerable to attack...

9.8 CVSS | 8.4 AI score | 0.00106 EPSS
Exploits 0 | References 2

wpexploit
added 2022/12/27 12:0 a.m. | 502 views

Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin. 1. Install and activate WooCommerce dependency, no configuration...

6.1 CVSS | 0.6 AI score | 0.01134 EPSS
Exploits 2

OSV
added 2017/07/04 2:29 a.m. | 1 views

CVE-2017-7315

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin...

9.8 CVSS | 5.8 AI score | 0.00887 EPSS
Exploits 5 | References 1

OSV
added 2017/07/04 2:29 a.m. | 3 views

CVE-2017-7317

An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin...

9.8 CVSS | 5.8 AI score | 0.00798 EPSS
Exploits 2 | References 1