CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

EUVD-2026-25380

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

CVE-2026-33318

CVE-2026-33318 affects Actual, a local-first personal finance tool. Prior to version 26.4.0, any authenticated session could escalate to ADMIN on OpenID-migrated servers due to a three‑part chain: 1) missing authorization on POST /account/change-password allows overwriting the password hash; 2) a...

actual 访问控制错误漏洞

Actual is a personal finance tool developed by Actual OpenSource. Versions of Actual prior to 26.4.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authorization checks for the /account/change-password endpoint. Combined with the password authentication row...

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

Missing Authorization

Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Missing Authorization via the change-password endpoint, which lacks proper authorization checks. An attacker can gain administrative privileges by overwriting the password hash for the...

CVE-2026-22604

OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/changepassword endpoint with an arbitrary User ID as the passwordchangeuserid parameter, the resulting error page would show the...

CVE-2026-22604

OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/changepassword endpoint with an arbitrary User ID as the passwordchangeuserid parameter, the resulting error page would show the...

CVE-2026-22604

OpenProject (web-based project management software) is affected in versions 11.2.1 through 16.6.1. A flaw exists in the unauthenticated POST request to the /account/change_password endpoint where providing an arbitrary password_change_user_id reveals the username of the targeted account, enabling...

CVE-2026-22603 OpenProject has no protection against brute-force attacks in the Change Password function

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint /account/changepassword was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker...

CVE-2026-22603

CVE-2026-22603 affects OpenProject before version 16.6.2. The vulnerability is due to an unauthenticated password-change endpoint (/account/change_password) that lacked the same brute-force protections as the login form. An attacker who can guess or enumerate user IDs can send unlimited password-...

CVE-2025-13313

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

CVE-2025-13313

The CRM Memberships WordPress plugin is vulnerable in versions up to 2.5 due to missing authorization checks on the ntzcrm_changepassword AJAX action and an unauthenticated ntzcrm_get_users endpoint, enabling unauthenticated password resets and enumeration of subscriber emails. This can grant att...

CVE-2025-63717

The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...

PT-2025-45479

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description The application lacks sufficient anti-CSRF protections, such as anti-CSRF tokens or same-site cookie restrictions. This allows attackers to potentially trick authenticated...

EUVD-2024-41440

Malicious code in bioql PyPI...

CVE-2025-7052

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the changepassword function of its customercabinetchangepassword AJAX route. The plugin hooks this endpoint via wpajax and...

CVE-2025-7052 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the changepassword function of its customercabinetchangepassword AJAX route. The plugin hooks this endpoint via wpajax and...

CVE-2025-9931

A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploi...

PHPGurukul Doctor Appointment Management System 安全漏洞

Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a session hijacking vulnerability that stems from the /doctor/change-password.php component not properly terminating a session. No details of the vulnerability are...