9.3
CVE-2021-47744 - Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root
Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.
8.5
CVE-2021-47742 - Epic Games Psyonix Rocket League <=1.95 Elevation of Privileges via Insecure Permissions
Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable files and potentially eβ¦
8.7
CVE-2021-47741 - ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose β¦
8.7
CVE-2021-47726 - NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to rβ¦
9.3
CVE-2020-36904 - Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, inβ¦
8.5
CVE-2020-36903 - Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path
Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root patβ¦
8.2
CVE-2025-34468 - libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially β¦
5.4
CVE-2025-66149 - WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3.
5.4
CVE-2025-66150 - WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through <= 1.1.1.
5.4
CVE-2025-66151 - WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through <= 1.0.4.