43 matches found
CVE-2026-6741
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
CVE-2026-23813 Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password...
EUVD-2025-34792
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...
CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...
EUVD-2018-1864
Malware in sbrugna...
CVE-2025-51543
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...
CVE-2025-51543
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...
CVE-2025-47227
In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...
CVE-2025-47227
Netmake ScriptCase Production Environment extension (up to 9.12.006) contains a vulnerability in the administrator password reset mechanism. Specifically, GET and POST requests to login.php can bypass authentication, enabling an unauthenticated administrator account takeover. The CVSS=3.1 base sc...
CVE-2025-47227
In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...
Scriptcase 安全漏洞
Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. A security vulnerability exists in Scriptcase version 9.12.006, which stems from mishandling of the administrator password reset mechanism, which could lead to authentication bypass...
CVE-2024-51382
Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the syste...
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load And Administrator Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset', 'Description' = %q The NVRmini 2...
HughesNet HT2000W Satellite Modem - Password Reset Exploit
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib red = "\0330;41m...
CVE-2024-28288
Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...
ForU CMS Authorization Issues Vulnerability
ForU CMS is a website builder system of ForU open source. ForU CMS 2020-06-23 and earlier versions of the authorization problem vulnerability , the vulnerability stems from the file /admin/index.php there are arbitrary administrator password reset vulnerability...
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...
CMS Made Simple <= 2.2.7 Multiple Vulnerabilities
CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...
Default credentials
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device...