16 matches found
CVE-2025-12776
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-07 23:03:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbulbai45q2g... |
CVE-2024-12776 Authentication Bypass in langgenius/dify
In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...
CVE-2024-12776
CVE-2024-12776 affects langgenius/dify v0.10.1. The issue is that the /forgot-password/resets endpoint does not verify the password reset code, enabling an attacker to reset the password of any user, including administrators, potentially leading to full compromise of the application. Root cause: ...
CVE-2020-12776
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 12:55:34+00:00 | seen | https://t.me/cibsecurity/14400... |
CVE-2020-12776
CVE-2020-12776 affects Openfind Mail2000 and is described as a Broken Access Control vulnerability that can enable unauthorized command execution after an attacker obtains an administrator access token or cookie. The available documents provide a high-severity impact (CVE is associated with high ...
CVE-2020-12776 Openfind Mail2000 - Broken Access Control
Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie...
ENTTEC Lighting Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control...
CVE-2019-12776
The CVE-2019-12776 issue affects ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482, where a hard-coded SSH key enables remote root access. Root cause: hard-coded cryptographic key enabling SSH/SCP access to root via relocate/relocate_revB scripts...
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to...
CVE-2018-12776
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...
CVE-2018-12776
Adobe Acrobat and Reader are affected by a Use-after-free vulnerability identified as CVE-2018-12776. Specifically, vulnerable versions include Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier. The vulnerability could allow arbitrary ...
CVE-2018-12776
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...
KLA11283 Multiple vulnerabilities in Adobe Acrobat&Reader
Multiple vulnerabilities were found in Adobe Acrobat & Reader. Original advisories: Prenotification Security Advisory for Adobe Acrobat and Reader | APSB18-21. Exploitation: Malware exists for this vulnerability. Usually such malware is classified as Exploit. Related products...
Adobe Acrobat and Reader Use After Free (APSB18-21: CVE-2018-12776)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2017-12776
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...
CVE-2017-12776
CVE-2017-12776 affects NexusPHP 1.5. The reports.php file’s delreport parameter is vulnerable to SQL injection, enabling remote attackers to execute arbitrary SQL commands. Documented impact is high (CVSS v2 base 7.5, v3 base 9.8). No remediation details are provided in the connected documents; e...