64 matches found
CVE-2026-4141 Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form
The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation in the quranplaylistoptions function that handles the plugin's settings page. The function processes POST requests to update...
PT-2026-26843
The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page handlers for saving, adding, and deleting snippets. This makes it possible for unauthenticated attackers to...
Exploit for CVE-2026-1208
CVE-2026-1208: Cross-Site Request Forgery in Friendly Function...
CVE-2025-36754
The authentication mechanism on the web interface is not properly implemented. It is possible to bypass authentication checks by crafting a POST request with new settings, since there is no session token or authentication in place. This would allow an attacker, for instance, to point the device to an...
CVE-2025-27919
CVE-2025-27919 affects AnyDesk up to version 9.0.4. A remote user with the 'Control my device' permission can modify remote AnyDesk settings and create a password for the Full Access profile without counterparty confirmation, enabling later connections without confirmation. Impact per sources: co...
CVE-2025-12616
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...
CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...
CVE-2025-10303 Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation
The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...
CVE-2025-10303
CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...
EUVD-2021-11826
Malware in sbrugna...
EUVD-2019-9270
Malware in sbrugna...
EUVD-2024-49467
Malicious code in bioql PyPI...
EUVD-2024-43153
Malicious code in bioql PyPI...
EUVD-2023-41879
Malicious code in bioql PyPI...
EUVD-2023-59100
Malicious code in bioql PyPI...
EUVD-2023-51424
Malicious code in bioql PyPI...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...
PT-2025-26608 · Ncr · Ncr Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: A settings manipulation issue allows attackers to execute arbitrary commands, including editing system security auditing configurations. Recommendations: For NCR Terminal Handler version 1.5.1,...
CVE-2024-8903
Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent Windows, macOS before build 38565...