CVE-2026-22312

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...

WordPress plugin Dokan: Access control error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-12449

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

EUVD-2025-201170

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

CVE-2025-2848

CVE-2025-2848 affects Synology Mail Server. Multiple sources describe remote authenticated access that allows reading and writing non-sensitive settings and disabling some non-critical functions, with potential risks to mail configuration stability. PT-Security cites affected DSM versions before ...

CVE-2025-49082

CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack...

The vulnerability of the SINEMA Remote Connect Edge Client microprogramming software for industrial switches from Siemens, model Siemens Scalance LPE9403, allows a perpetrator to bypass authentication procedures and gain access to read and modify configuration parameters.

The vulnerability of the SINEMA Remote Connect Edge Client microprogramming software for Siemens Scalance LPE9403 industrial switches in remote connection mode is related to the ability to bypass the authentication process by using an alternative path or channel. Exploiting this vulnerability...

CVE-2024-1156

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges...

CVE-2021-4337

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVE-2022-22609

The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings...

CVE-2021-34578

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07...