14 matches found
CVE-2026-35675
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...
CVE-2026-35675 phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...
CVE-2026-35675
creationtimestamp | type | source
---|---|---
2026-05-20 15:46:55+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-w9xh-5f39-vq89
2026-05-28 17:21:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjubgrpa2h...
MAL-2025-35675 Malicious code in test-mlw2-levin-inust-choco-slink (npm)
The package test-mlw2-levin-inust-choco-slink was found to contain malicious code...
CVE-2023-35675
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
CVE-2024-35675 WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS). This issue affects Advanced Woo Labels: from n/a through 1.93...
CVE-2024-35675
CVE-2024-35675 is a vulnerability in the WordPress plugin Advanced Woo Labels – Product Labels for WooCommerce. Connected sources describe it as an authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability affecting the plugin version range up to and including 1.93. The root c...
CVE-2024-35675 WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS). This issue affects Advanced Woo Labels: from n/a through 1.93...
WordPress Advanced Woo Labels Plugin <= 1.93 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Woo Labels; Type: Plugin; Vulnerable versions: <= 1.93; Fixed in: 1.94; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35675; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0ad89d9224a2; Credits: savphill; Required privilege...
CVE-2023-35675
The CVE-2023-35675 entry describes a local information disclosure in Android tied to the loadMediaResumptionControls function in MediaResumeListener.kt. The logic error could allow a user on the same device to play/listen to media files belonging to another user without extra privileges or user i...
CVE-2022-35675
CVE-2022-35675 affects Adobe FrameMaker 2019 Update 8 and earlier and 2020 Update 4 and earlier. It is a Use-After-Free vulnerability that could allow arbitrary code execution in the context of the current user, requiring user interaction (opening a malicious file). Adobe released APSB22-42 with ...
CVE-2022-35675 Adobe FrameMaker SVG File Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe FrameMaker versions 2019 Update 8 and earlier and 2020 Update 4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
Adobe FrameMaker 2019 < 15.0.8 (2019.0.8) / Adobe FrameMaker 2020 < 16.0.4 (2020.0.4) Multiple Vulnerabilities (APSB22-42)
The version of Adobe FrameMaker installed on the remote Windows host is prior to Adobe FrameMaker 2019 15.0.8 / Adobe FrameMaker 2020 16.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb22-42 advisory. - Adobe FrameMaker versions 2019 Update 8 and earlier and...
CVE-2020-35675
CVE-2020-35675 affects BigProf Online Invoicing System prior to 3.0. The admin/pageTransferOwnership.php endpoint lacks CSRF protection, allowing an attacker to escalate privileges to Administrator and potentially take over the application. Affected component: the transfer ownership function with...