8.7
CVE-2021-47726 - NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to rβ¦
9.3
CVE-2020-36904 - Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, inβ¦
8.5
CVE-2020-36903 - Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path
Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root patβ¦
8.2
CVE-2025-34468 - libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially β¦
5.4
CVE-2025-66149 - WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3.
5.4
CVE-2025-66150 - WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through <= 1.1.1.
5.4
CVE-2025-66151 - WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through <= 1.0.4.
5.4
CVE-2025-66152 - WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Criptopayer for Elementor criptopayer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through <= 1.0.1.
5.3
CVE-2025-15393 - Kohana KodiCMS Layout API Endpoint file.php save code injection
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be initiβ¦
5.4
CVE-2025-66153 - WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through <= 1.1.4.