9 matches found
PT-2026-22294
Name of the Vulnerable Software and Affected Versions: Unitree Go2 and other models (affected versions not specified). Description: The encryption algorithm used to protect firmware updates is encrypted using key material accessible to attackers. This allows unauthorized modification of...
CVE-2024-45269
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the...
CVE-2024-22133
Affected product/version: SAP Fiori Front End Server 605. Vulnerability: Improper modification of approver details in the read‑only field when sending leave request information, enabling creation of requests with an incorrect approver. Impact (as stated): low impact on confidentiality and integri...
Overwrite benRevocable
Handle: gpersoon. Vulnerability details. Impact: Anyone can call the function vest of Vesting.sol, for example with a small "amount" of tokens, for any beneficiary. The function overwrites the value of benRevocablebeneficiary, effectively erasing any previous value. So you can set any beneficiary to...
CVE-2021-23205
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...
CVE-2021-1144
A vulnerability in Cisco Connected Mobile Experiences CMX could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...
Authentication flaw
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors...
Information disclosure
SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors...
JVN#07148816: Multiple access restriction bypass vulnerabilities in Cybozu Office
Cybozu Office contains multiple access restriction bypass vulnerabilities below. Access restriction bypass in the "Project" function - CVE-2016-4867

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base...