CVE-2020-7294

Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface...

CVE-2023-31003

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658...

CVE-2025-20259

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An...

CVE-2024-13102

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has be...

CVE-2024-13105

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attac...

Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite (cisco-sa-sdwan-fileoverwrite-Uc9tXWH)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of...

CVE-2025-3666

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed...

CVE-2025-3675

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been...

CVE-2025-3325

A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attac...

CVE-2025-2994

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14408. This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The...

CVE-2025-2994

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14408. This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The...

CVE-2025-2990

A vulnerability was found in Tenda FH1202 1.2.0.14408. It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely...

CVE-2025-2334

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access...

CVE-2025-2090

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulation leads to improper access controls. The attack may be...

CVE-2025-2090

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulation leads to improper access controls. The attack may be...

CVE-2024-13107

The CVE-2024-13107 entry concerns the D-Link DIR-816 A2 device (firmware 1.10CNB05_R1B011D88210) in the ACL Handler’s form2LocalAclEditcfg.cgi. The vulnerability arises from improper access controls on an unknown portion of that CGI, enabling remote initiation of an attack. Multiple connected sou...

CVE-2024-13105

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attac...