Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6741

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS5.4AI score0.00293EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/11 3:8 a.m.5 views

CVE-2026-23813 Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset

A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password...

9.8CVSS5.8AI score0.00736EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/16 6:30 p.m.3 views

EUVD-2025-34792

OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...

9.8CVSS6.4AI score0.00672EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/16 5:20 p.m.6 views

CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset

OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...

9.8CVSS6.6AI score0.00672EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-1864

Malware in sbrugna...

8.8CVSS8.8AI score0.01086EPSS
Exploits1References2
NVD
NVD
added 2025/08/19 8:15 p.m.6 views

CVE-2025-51543

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...

9.8CVSS0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/19 12:0 a.m.11 views

CVE-2025-51543

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...

0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/05 12:0 a.m.5 views

CVE-2025-47227

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...

7.5CVSS6.8AI score0.14441EPSS
Exploits5References3
CVE
CVE
added 2025/07/05 12:0 a.m.57 views

CVE-2025-47227

Netmake ScriptCase Production Environment extension (up to 9.12.006) contains a vulnerability in the administrator password reset mechanism. Specifically, GET and POST requests to login.php can bypass authentication, enabling an unauthenticated administrator account takeover. The CVSS=3.1 base sc...

7.5CVSS7AI score0.14441EPSS
Exploits5References3
Cvelist
Cvelist
added 2025/07/05 12:0 a.m.14 views

CVE-2025-47227

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...

7.5CVSS0.01955EPSS
Exploits5References3
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.4 views

Scriptcase 安全漏洞

Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. A security vulnerability exists in Scriptcase version 9.12.006, which stems from mishandling of the administrator password reset mechanism, which could lead to authentication bypass...

7.5CVSS9.5AI score0.01955EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.7 views

CVE-2024-51382

Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the syste...

8.4CVSS7.1AI score0.00232EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.268 views

NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load And Administrator Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset', 'Description' = %q The NVRmini 2...

7.5CVSS7AI score0.53715EPSS
Exploits6
0day.today
0day.today
added 2024/08/27 12:0 a.m.182 views

HughesNet HT2000W Satellite Modem - Password Reset Exploit

Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib red = "\0330;41m...

9.8CVSS7.4AI score0.99983EPSS
Exploits5
NVD
NVD
added 2024/03/30 1:15 a.m.9 views

CVE-2024-28288

Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...

9.8CVSS6.7AI score0.00724EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.5 views

ForU CMS Authorization Issues Vulnerability

ForU CMS is a website builder system of ForU open source. ForU CMS 2020-06-23 and earlier versions of the authorization problem vulnerability , the vulnerability stems from the file /admin/index.php there are arbitrary administrator password reset vulnerability...

7.5CVSS7AI score0.00742EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/08/03 11:15 p.m.4 views

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

7.5CVSS7.1AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2023/08/03 11:15 p.m.4 views

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/02/09 12:0 a.m.22 views

CMS Made Simple <= 2.2.7 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...

8.8CVSS7.3AI score0.12178EPSS
Exploits6References1
Prion
Prion
added 2022/12/12 12:15 p.m.16 views

Default credentials

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device...

7.5CVSS9.7AI score0.00927EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder