Axis Camera Station Pro 安全漏洞

Axis Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in Axis Camera Station Pro, which stems from insecure direct object references. This vulnerability may allow non-administrator users to modify or delete certain data...

Flowring Agentflow 安全漏洞

Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a security vulnerability that stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read, modify, and delete...

Siemens SINEC NMS 代码问题漏洞

Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...

PT-2026-7233

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

CVE-2026-25939

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

CVE-2026-24095

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permissio...

CVE-2026-2234 HGiga｜C&Cm@il - Missing Authentication

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...

CVE-2026-2234 HGiga｜C&Cm@il - Missing Authentication

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...

CVE-2026-2234

CVE-2026-2234 concerns the C&Cm@il product developed by HGiga, described as a Missing Authentication vulnerability that allows unauthenticated remote attackers to read and modify any user’s mail content. The available entries consistently state a network-accessible flaw with no authentication req...

CVE-2026-2234

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...

HGiga C&Cm@il 访问控制错误漏洞

HGiga C&Cm@il is an email collaboration system developed by China’s HGiga Corporation. There is an access control vulnerability in HGiga C&Cm@il, which stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read and modify the email content of any use...

PT-2026-7077

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...

CVE-2026-1082

The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler in inc/settings-page.php. This makes it possible for unauthenticated attackers to modify plugin...

PT-2026-6942

Name of the Vulnerable Software and Affected Versions JAY Login & Register plugin for WordPress versions prior to 2.6.04 Description The JAY Login & Register plugin for WordPress is susceptible to a privilege escalation issue. The plugin permits a user to modify arbitrary user meta data via the j...

CVE-2025-15476

The CVE-2025-15476 affects the WordPress plugin The Bucketlister, specifically versions up to 0.1.5. The root cause is a missing capability check in the bucketlister_do_admin_ajax() function, allowing authenticated attackers with Subscriber-level access (and higher) to add, delete, or modify arbi...

WordPress plugin Bucketlister 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-13491

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...