61 matches found
MiracleLinux 4 : php54-php-5.4.40-4.AXS4 (AXSA:2016-620:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-620:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...
MAL-2025-192098 Malicious code in elf-stats-mistletoe-pinecone-620 (npm)
Source: amazon-inspector 0e04e98f7eb8f6c52591eb84ba92379c6e6af2499578abe9dc4f769b72163bfe The package elf-stats-mistletoe-pinecone-620 was found to contain malicious code...
Malicious code in elf-stats-mistletoe-pinecone-620 (npm)
Source: amazon-inspector 0e04e98f7eb8f6c52591eb84ba92379c6e6af2499578abe9dc4f769b72163bfe The package elf-stats-mistletoe-pinecone-620 was found to contain malicious code...
EUVD-2018-17973
Malware in sbrugna...
EUVD-2018-17974
Malware in sbrugna...
EUVD-2025-23823
Malicious code in bioql PyPI...
EUVD-2021-9908
Malicious code in bioql PyPI...
Security Bulletin: A Security Vulnerability was found in the IBM Security Verify Access product.
Summary: IBM Security Verify Access could allow an unverified user to change the password of an expired user without prior knowledge of that password. Vulnerability Details: CVEID: CVE-2024-45647 DESCRIPTION: IBM Security Verify Access could allow an unverified user to change the password...
OSV-2025-620 Heap-buffer-overflow in FragPrepareChunk
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437694938 Crash type: Heap-buffer-overflow WRITE 8 Crash state: FragPrepareChunk DemuxFrag demuxprocessstream...
CVE-2025-46389
CWE-620: Unverified Password Change...
Amazon Linux 2023 : ecs-init (ALAS2023-2024-620)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-620 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...
Medtronic Micro Clinician and InterStim Apps
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: Micros Clinician A51200 app and InterStim X Clinician A51300 app Vulnerabilities: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the clinician...
Cisco Secure Email Gateway Malware Detection Evasion
This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame. As the attack complexity is low and exploits have already been published by a third party there must be ...
FortiADC - Unverified password change over the GUI
An unverified password change vulnerability CWE-620 in FortiADC may allow an authenticated attacker to bypass the Old Password check in the password change form for the account the attacker is logged into or for other accounts except admin when the attacker has Read Write access on System via a...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user...
iCloud phishing scam – Man stole private photos of 620,000 women
By Waqas. LA County resident booked in iCloud phishing scam pretended to be an Apple agent and stole 620,000 photos, 9,000 videos of 306 young women. This is a post from HackRead.com.
CVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...
Default credentials
A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...
CVE-2021-22773
EVlink City, EVlink Parking, and EVlink Smart Wallbox (Schneider Electric) are affected by CWE-620 Unverified Password Change. All versions prior to R8 V3.4.0.1 allow an attacker connected to the charging station Web UI to modify a user’s password. Root cause: unverified password change mechanism...