CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260
On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...
CVE-2026-25752
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
EUVD-2026-5620
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
CVE-2025-3653
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...
CVE-2025-61740
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...
CVE-2025-34224
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the consolerelease directory without requiring authentication. An unauthenticated remote attacker can invoke these...
CVE-2025-52873
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to...
PT-2025-33281
KuWFi CPF908-CP5 WEB5.0 LCD 20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and...
Lexmark Security Vulnerability
Lexmark is a line of printers from Lexmark, a US-based company. A security vulnerability exists in Lexmark that stems from susceptibility to a cross-site request forgery attack that allows an attacker to modify the device configuration...
CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...
The vulnerability of the FortiSandbox threat detection and mitigation system, related to the implementation of security functions at the client side, allows a perpetrator to modify the device’s configuration.
The vulnerability of the FortiSandbox threat detection and mitigation system is related to the implementation of security functions at the client side. Exploiting this vulnerability could allow a malicious actor to modify the device’s configuration...
Buffalo network devices Trust Management Issue Vulnerability
Buffalo firmware is a network device from Buffalo, a Japanese company. Buffalo Wi-Fi devices are vulnerable to a trust management issue that stems from the use of hard-coded credentials, which can be exploited by an attacker on a neighboring network to modify the device's configuration...
Bosch Amc2 Trust Management Issue Vulnerability
Bosch Amc2 is an access modular controller from Bosch, Germany. The Bosch AMC2 is vulnerable to a trust management issue that arises from an attacker being able to retrieve a key from the firmware to decrypt network traffic between the AMC2 and the host system. As a result, an...
CVE-2018-0284
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
TrackR Bravo Unauthorized Pairing Vulnerability
The TrackR Bravo is a Bluetooth item loss prevention device. TrackR Bravo allows unauthorized pairing of Bluetooth devices. A remote attacker can exploit the vulnerability to write multiple device properties via an unauthorized connection application...
Cross-Site Request Forgery (CSRF) Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A cross-site request forgery (CSRF) vulnerability exists in AVTECH devices. An attacker who successfully exploits the...
CVE-2013-7395
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)...