Lucene search
+L

6 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-56679

9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole...

8.7CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:39 p.m.26 views

CVE-2026-53738

CVE-2026-53738 affects the WordPress plugin Copy & Delete Posts, up to version 1.5.4. The vulnerability stems from the cdp_action_handling AJAX handler, where any plugin-enabled non-admin role can invoke every operation, bypassing per-function capability checks. This enables attackers with an ena...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.39 views

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 9:15 p.m.5 views

CVE-2021-47731

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

9.8CVSS5.8AI score0.00454EPSS
Exploits1References5
NVD
NVD
added 2025/12/09 9:15 p.m.12 views

CVE-2021-47731

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

9.8CVSS0.00454EPSS
Exploits1References5
OSV
OSV
added 2021/10/22 2:15 p.m.6 views

CVE-2021-42540

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

8.8CVSS7.3AI score0.00966EPSS
Exploits0References1
Rows per page
Query Builder