📄 ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise

ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

📄 Nagios XI Monitoring Wizard Command Injection

Nagios XI is a widely used enterprise monitoring solution. A vulnerability exists within the Monitoring Wizard configuration page where the database parameter is unsafely passed into backend operations. Authenticated users can exploit this to execute arbitrary system commands, allowing full remot...

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

CVE-2025-65010

CVE-2025-65010 (WODESYS WD-R608U router / WDR122B V2.0 / WDR28) is documented with concrete details: multiple Red Hat and NVD entries describe vulnerabilities tied to the WD-R608U platform. Affected issues include Broken Access Control in the initial configuration wizard.cgi endpoint, where an at...

PT-2025-16191 · H3C · H3C Magic Nx15 +3

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15, Magic NX30 Pro, Magic NX400, and Magic R3010 versions up to V100R014 Description: A critical issue has been found in the affected devices, specifically in the function FCGI WizardProtoProcess of the /api/wizard/getSpecs endpoi...

PT-2024-2009 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.3.2578 build 20231110 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.3.2578 build 20231110 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to...

RICOH MP 2001 Cross-Site Scripting Vulnerability

The RICOH MP 2001 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area of the RICOH MP 2001, which arises from the program failing to properly validate user-submitted input. An attacker can exploit the vulnerability by sending the...