Lucene search
+L

35 matches found

cvelist
cvelist
added 2026/06/25 9:41 p.m.23 views

CVE-2025-71328 Flowise - Unverified Password Change via Account Settings

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...

8.7CVSS0.00327EPSS
Exploits1References2
cve
cve
added 2026/06/25 9:41 p.m.15 views

CVE-2025-71328

CVE-2025-71328 affects Flowise before 3.0.10. An authenticated user can change their account password via the Account Settings > Security page without providing the current password or any additional verification, because the application does not enforce a current-password check on credential ...

8.8CVSS6AI score0.00327EPSS
Exploits1References2Affected Software1
hackerone
hackerone
added 2026/06/10 5:0 a.m.14 views

curl: CVE-2026-11856: cross-origin Digest auth state leak

Summary: This issue is the HTTP sibling to the previously disclosed RTSP Digest auth leak. When an application uses libcurl and reuses the same easy handle for sequential transfers the documented best practice, the Digest authentication state captured from the first origin is silently sent to the...

9.8CVSS5.9AI score0.01064EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/03/06 12:0 a.m.8 views

PT-2026-23686

ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to configurar perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, an...

6.9CVSS5.7AI score0.00125EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.6 views

CVE-2021-27734

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users...

9.8CVSS7AI score0.01264EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/30 12:0 a.m.4 views

CVE-2025-63422

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...

6.5AI score0.00307EPSS
Exploits1References2
github
github
added 2025/10/20 3:30 p.m.7 views

TastyIgniter vulnerable to Cross-Site Scripting

Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

8.8CVSS6.2AI score0.00546EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6933

Malware in sbrugna...

6.8CVSS6.4AI score0.01452EPSS
Exploits1References7
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-31610

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00559EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-27566

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00411EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:20 p.m.15 views

CVE-2021-24133

Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account...

4.3CVSS6.8AI score0.00474EPSS
Exploits2References1
ptsecurity
ptsecurity
added 2025/01/01 12:0 a.m.4 views

PT-2025-49794

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the handling of robust list pointers during an exec operation. Specifically, the sys get robust list and compat get robust list functions may...

5.3AI score0.00199EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/05/28 12:0 a.m.6 views

PT-2024-13140 · Aten · Aten Pe6208

Name of the Vulnerable Software and Affected Versions: Aten PE6208 versions 2.3.228 through 2.4.232 Description: The issue concerns incorrect access control in the account management function of the web interface, allowing remote authenticated users to alter user and administrator account...

7.3CVSS7AI score0.00426EPSS
Exploits1References4
osv
osv
added 2023/08/04 12:15 a.m.4 views

CVE-2023-36133

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change...

9.8CVSS5.8AI score0.00746EPSS
Exploits0References2
nvd
nvd
added 2023/02/15 7:15 p.m.14 views

CVE-2023-23466

Media CP Media Control Panel latest version. Insufficiently protected credential change...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References1
prion
prion
added 2023/02/15 7:15 p.m.18 views

Code injection

Media CP Media Control Panel latest version. Insufficiently protected credential change...

5CVSS7.6AI score0.00411EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/02/15 12:0 a.m.6 views

CVE-2023-23466 Media CP Media Control Panel – insufficiently protected credential change

Media CP Media Control Panel latest version. Insufficiently protected credential change...

6.5CVSS7AI score0.00411EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/02/15 12:0 a.m.3 views

Media CP Media Control Panel 安全漏洞

MEDIA CONTROL PANEL Media CP Media Control Panel is an application from MEDIA CONTROL PANEL, Inc. A security vulnerability exists in Media CP Media Control Panel that stems from inadequate credential change protection...

7.5CVSS7.3AI score0.00411EPSS
Exploits0References2
cvelist
cvelist
added 2023/02/15 12:0 a.m.20 views

CVE-2023-23466 Media CP Media Control Panel – insufficiently protected credential change

Media CP Media Control Panel latest version. Insufficiently protected credential change...

6.5CVSS7.8AI score0.00411EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/02/01 12:0 a.m.13 views

CVE-2023-23078

Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets...

6.1AI score0.02813EPSS
Exploits0References2
Rows per page
Query Builder