CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

EUVD-2026-5620

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from authorization bypasses, which could allow unverified remote attackers to modify device labels...

PT-2026-6737

Name of the Vulnerable Software and Affected Versions html5 snmp version 1.11 Description The software contains multiple SQL injection flaws that allow manipulation of database queries. Attackers can leverage the Router ID and Router IP parameters to exploit error-based, time-based, and union-bas...

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

EUVD-2020-31048

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37118

CVE-2020-37118 affects P5 FNIP-8x16A FNIP-4xSH 1.0.20. The vulnerability is a cross-site request forgery that can perform administrative actions without user interaction by tricking an authenticated user into loading a crafted page (e.g., adding admin users, changing passwords, modifying configs)...

CVE-2025-15285

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...

CVE-2026-0572

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurifysaveoptions' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settin...

CVE-2025-15080

CVE-2025-15080 affects Mitsubishi Electric MELSEC iQ-R Series (R08PCPU, R16PCPU, R32PCPU, R120PCPU). The vulnerability stems from improper validation of a specified quantity in input within the proprietary protocol/SLMP communications, enabling an unauthenticated attacker to read device data or p...

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

F5 Networks BIG-IP : BIG-IP SMTP configuration security exposure (K000156643)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000156643 advisory. An authenticated attacker granted the guest role on a BIG-IP system can modify theSMTP Server Host...

CVE-2026-24666

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery CSRF vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as...

CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

CVE-2025-15285

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

Microhard IPn4G Cellular Gateways Cross-Site Request Forgery (CVE-2018-25149)

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...