EUVD-2026-38119

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...

PT-2026-47836

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur during the decryption of password-encrypted Cryptographic Message Syntax CMS messages. The issue arises because the OpenSSL CMS implementation dereference...

CVE-2022-38156

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...

PT-2026-1821

Name of the Vulnerable Software and Affected Versions Veeam affected versions not specified Description The software contains a flaw that enables a Backup Administrator to execute code remotely as the postgres user. This is achieved by submitting a crafted password parameter. The issue allows for...

EUVD-2019-16516

Malware in sbrugna...

EUVD-2018-8764

Malware in sbrugna...

EUVD-2015-8643

Malware in sbrugna...

EUVD-2022-5215

Malicious code in bioql PyPI...

EUVD-2022-4813

Malicious code in bioql PyPI...

CVE-2025-46123

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint /admin/conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied...

CVE-2025-46123

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint /admin/conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied...

CVE-2019-17203

TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder...

CVE-2019-16904

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. The crafted password is exploitable when viewing the change history of the item or tapping on the item...

CVE-2018-16978

Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473...

CVE-2024-45981

A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link...

CVE-2024-45979

A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts...

CVE-2022-38156

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...

Kratos SpectralNet 命令注入漏洞

Kratos SpectralNet is a carrier-level digitizer for ensuring QoS and SLAs from Kratos USA. A command injection vulnerability exists in Kratos SpectralNet Narrowband NB versions versions prior to 1.7.5. An attacker could exploit this vulnerability by sending a specially crafted password to execute...

CVE-2022-38156

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...

CVE-2022-30306

A stack-based buffer overflow vulnerability CWE-121 in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password...