18 matches found
CVE-2026-49002 Broken Access Control Vulnerability in ZTE ZXUniPOS NDS-LTE product
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
CVE-2026-6623 BichitroGan ISP Billing Software Profile users-view cross site scripting
A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
EUVD-2025-203870
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets Google Reviews, YouTube Feed, Photo Feeds, and More plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...
PT-2025-51811
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets Google Reviews, YouTube Feed, Photo Feeds, and More plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission...
CVE-2023-22441
Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versio...
Unspecified Vulnerability in JetBrains TeamCity
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission...
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission...
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission...
CVE-2024-56354
JetBrains TeamCity CVE-2024-56354: Affected software prior to 2024.12 has password field values accessible by users with the View Settings permission. Root cause described in PT-2024-9848 as insufficient protection of registration data, enabling disclosure of protected information. Impact is conf...
PT-2024-9848 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12. Description: The issue is related to insufficient protection of registration data in JetBrains TeamCity, a continuous integration and continuous delivery (CI/CD) system. This allows a remote attacker...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
FCNT Access Control Error Vulnerability
FCNT is a cell phone service from FCNT. FCNT suffers from an access control error vulnerability that originates under certain conditions when an attacker can directly manipulate the device with the user's unlocked screen, exposing the settings page of a provided security feature and/or changing...
Android App "Brother iPrint&Scan" vulnerable to improper access control
Overview: Android App "Brother iPrint" provided by BROTHER INDUSTRIES, LTD. contains an improper access control vulnerability (CWE-284, CVE-2023-28369). Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD. reported...
CVE-2023-28369
Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview...
PT-2020-12810 · Algolplus · Algolplus Advanced Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: AlgolPlus Advanced Order Export For WooCommerce plugin version 3.1.3. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the woe post type parameter in the "view/settings-form.php"...