38 matches found
CVE-2026-34408
An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...
PT-2026-37042
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.0.0.0 through 4.9.2.0. Description: A flaw in the password reset function allows an attacker to bypass security checks and set arbitrary passwords for any account, provided the account ID is known. Recommendations: Apply the...
CVE-2026-34408
CVE-2026-34408 affects Gambio 4.9.2.0. The issue is that the password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the user ID is known. Root cause: insecure password reset flow leading to unauthorized password changes. A patch was released in 2024-02 v1.0.0...
CVE-2026-26417
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests...
EUVD-2026-9841
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests...
CVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
EUVD-2025-33236
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...
EUVD-2005-3537
Malware in sbrugna...
EUVD-2016-3433
Malware in sbrugna...
CVE-2025-26341
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests...
D-Link DSL6740C Security Vulnerability
The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...
SUSE CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges...
Seceon aiSIEM Authorization Issue Vulnerability
Seceon aiSIEM is a comprehensive network security management platform. It enables real-time visualization, detection and elimination of threats, continuous improvement of security posture, compliance monitoring and reporting, and policy management. Seceon aiSIEM prior to 6.3.2 build 585 suffers...
Logic flaw vulnerability in student fee management cloud platform
Student Fee Management Cloud Platform is an online self-service fee payment system for students of Industrial Bank Co. A logic flaw vulnerability exists in the Student Fee Management Cloud Platform, which can be exploited by an attacker to reset arbitrary user passwords...
Arbitrary Password Reset Vulnerability in PowerProject Enterprise Project Management System
PowerProject is a WEB-based, enterprise-class, full lifecycle, universal project management platform. An arbitrary password reset vulnerability exists in the PowerProject enterprise project management system. An attacker can exploit this vulnerability to gain direct access to change arbitrary use...
Design/Logic Flaw
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control...
CVE-2018-9934
Summary: CVE-2018-9934 affects MetInfo 6.0, where the reset-password feature can be abused by an attacker who manipulates the Host HTTP header to point to a controlled web server, enabling arbitrary password changes. The vulnerability is contextually described as a network‑level issue with plausi...
CVE-2018-6180
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts...