
15 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3 CVSS, 5.5 AI score, 0.00035 EPSS
Exploits: 0, References: 1
RedhatCVE
added yesterday, 4 views

CVE-2026-35586

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8 CVSS, 5.4 AI score, 0.00023 EPSS
Exploits: 1, References: 1
NVD
added 2026/05/12 9:16 a.m., 9 views

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3 CVSS, 0.00035 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2026/05/12 7:48 a.m., 5 views

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3 CVSS, 5.8 AI score, 0.00035 EPSS
Exploits: 0, References: 7
CVE
added 2026/03/21 3:27 a.m., 2 views

CVE-2026-3645

The CVE describes a concrete vulnerability in the Punnel – Landing Page Builder WordPress plugin (up to version 1.3.1). The save_config() function handling the punnel_save_config AJAX action lacks any capability check (no current_user_can()) and nonce verification, allowing authenticated attacker...

5.3 CVSS, 6 AI score, 0.00065 EPSS
Exploits: 0, References: 11
Redos
added 2025/08/19 12:00 a.m., 1 views

ROS-20250819-12

A vulnerability in the Salt configuration management and remote execution system is related to incorrect input data validation in the findfile method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories. Vulnerability in the Salt...

9.6 CVSS, 7.7 AI score, 0.00378 EPSS
Exploits: 0
Cvelist
added 2025/08/18 5:24 p.m., 6 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4 CVSS, 0.00095 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/08/18 5:24 p.m., 2 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4 CVSS, 6.7 AI score, 0.00095 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/08/18 12:00 a.m., 0 views

Meshtastic authorization issue vulnerability

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...

9.8 CVSS, 6.8 AI score, 0.00095 EPSS
Exploits: 0, References: 4
Talos
added 2024/04/03 12:00 a.m., 28 views

Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1951: Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability. April 3, 2024. CVE Number: CVE-2024-22178. Summary: A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...

4.9 CVSS, 5.4 AI score, 0.00157 EPSS
Exploits: 1
Positive Technologies
added 2022/11/02 12:00 a.m., 4 views

PT-2022-16996 · Silicon · Gecko Bootloader

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions 4.0.1 and earlier. Description: The issue is related to an Out-of-Bounds error in the GBL parser, which allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader...

9.1 CVSS, 8.9 AI score, 0.00446 EPSS
Exploits: 1, References: 4
Veracode
added 2022/09/22 10:11 p.m., 24 views

Entity Metadata Overwrite

Vault is vulnerable to key overwrite. Deployments where an entity has multiple mount accessors and shared alias names are vulnerable to metadata overwriting in the wrong alias entity...

9.1 CVSS, 8.8 AI score, 0.00335 EPSS
Exploits: 0, References: 7, Affected Software: 1
CNNVD
added 2021/10/05 12:00 a.m., 1 views

Zephyr security vulnerability

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation in the United States. Zephyr suffers from a security vulnerability that stems from the ability to overwrite an existing key during the key distribution phase when the identity address of the key is know...

6.5 CVSS, 6.5 AI score, 0.00315 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2020/09/11 5:59 a.m., 24 views

CVE-2020-15802

A flaw was found in the Bluetooth specification that would allow an attacker within Bluetooth radio range to abuse a protocol flaw which could allow key-overwrite in services. Mitigation: As the Bluetooth module will be auto-loaded when required, its use can be disabled by preventing the module fr...

5.9 CVSS, 1.2 AI score, 0.55804 EPSS
Exploits: 1, References: 8
The Hacker News
added 2020/09/10 9:37 p.m., 2 views

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

Bluetooth SIG, an organization that oversees the development of Bluetooth standards, today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of...

5.9 CVSS, 7.1 AI score, 0.55804 EPSS
Exploits: 1