187 matches found
GHSA-M24V-F7G5-GQ67 Statamic CMS vulnerable to email enumeration via forgot password endpoint
Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...
EUVD-2026-26037
An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...
CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
CVE-2026-33318
CVE-2026-33318 affects Actual, a local-first personal finance tool. Prior to version 26.4.0, any authenticated session could escalate to ADMIN on OpenID-migrated servers due to a three‑part chain: 1) missing authorization on POST /account/change-password allows overwriting the password hash; 2) a...
EUVD-2026-25380
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
actual 访问控制错误漏洞
Actual is a personal finance tool developed by Actual OpenSource. Versions of Actual prior to 26.4.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authorization checks for the /account/change-password endpoint. Combined with the password authentication row...
Missing Authorization
Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Missing Authorization via the change-password endpoint, which lacks proper authorization checks. An attacker can gain administrative privileges by overwriting the password hash for the...
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...
CVE-2026-41276
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific...
EUVD-2026-25295
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-41276 Flowise: AccountService resetPassword Authentication Bypass Vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-41276
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-41276
Flowise (FlowiseAI Flowise) has a REST-authentication bypass vulnerability in the AccountService.resetPassword flow. Before version 3.1.0, an attacker who knows a user’s email can request a password reset with a null/empty token, bypass the need for a valid reset token, and set the user’s passwor...
PT-2026-34744
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description Remote attackers can bypass authentication in Flowise. The issue exists within the resetPassword function of the AccountService class, where the system fails to verify if a password reset token was...
FastGPT 安全漏洞
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained a security vulnerability. This vulnerability stemmed from the password-changing endpoint, which was vulnerable to NoSQL injection...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17696)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability stems from improper handling of the name parameter in the /usbpaswd.asp endpoint, which can be exploited by an attacker to cause a denial of service...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
Flowise-CVE-2025-58434-PasswordReset Unauthenticated...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
CVE-2025-58434 — Flowise Account Takeover via Token Disclosure...
CVE-2025-50663
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usbpaswd.asp endpoint...