Lucene search
+L

210 matches found

OSV
OSV
added 2025/11/18 12:0 a.m.8 views

CVE-2025-63828

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...

6.1CVSS7.3AI score0.00209EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/25 12:43 a.m.12 views

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...

8.3CVSS6.9AI score0.00417EPSS
Exploits1References1
NVD
NVD
added 2025/10/24 9:16 p.m.5 views

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...

8.3CVSS0.00417EPSS
Exploits1References3
CVE
CVE
added 2025/10/24 12:0 a.m.21 views

CVE-2025-60954

CVE-2025-60954 affects Microweber CMS 2.0, where the password reset flow enforces no minimum length or complexity, allowing extremely weak (even single-character) passwords and risking account compromise, including admin accounts. The vulnerability surface is the password reset process in Microwe...

8.3CVSS6.5AI score0.00417EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.6 views

PT-2025-43670

Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0 Description The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...

8.3CVSS6.6AI score0.00417EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/10/24 12:0 a.m.4 views

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...

6.5AI score0.00417EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/24 12:0 a.m.12 views

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...

0.00417EPSS
Exploits1References3
Snyk
Snyk
added 2025/10/20 8:42 p.m.5 views

External Control of System or Configuration Setting

Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the post function in the web/views.py file'. An attacker can gain unauthorized access to user accounts by crafting a...

7.1CVSS6.9AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-17076

Malware in sbrugna...

8.8CVSS8.6AI score0.03471EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27545

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-41826

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 2025/10/03 8:6 p.m.11 views

CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...

8.1CVSS7AI score0.00388EPSS
Exploits1References4
Snyk
Snyk
added 2025/10/03 2:52 p.m.5 views

Incorrect User Management

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect User Management due to allowing multiple accounts connected to the same email address. An attacker can cause account ambiguity by registering...

9.8CVSS6.8AI score0.00388EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.11 views

formbricks 数据伪造问题漏洞

formbricks is an open source survey system from Formbricks. A data forgery issue vulnerability exists in versions prior to formbricks 4.0.1 that stems from a lack of JWT signature validation, which could lead to arbitrary JWT forgery and password resets...

9.4CVSS6.9AI score0.08037EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2025/09/18 2:12 p.m.5 views

SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers

SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat...

9.8CVSS6.6AI score0.15593EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/27 12:32 p.m.7 views

More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system. TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim's Android phone. It then monitors that phone's...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.10 views

PT-2025-34740

Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 4.0.6 Description: The Dokan Pro plugin for WordPress is susceptible to privilege escalation via account takeover. The issue stems from insufficient user identity validation during staff password resets, allowing...

8.8CVSS6.7AI score0.00414EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/08/23 12:23 a.m.9 views

CVE-2025-55366

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...

5.3CVSS7.7AI score0.00294EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/21 12:0 a.m.3 views

CVE-2025-55366

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...

7.6AI score0.00294EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/21 12:0 a.m.13 views

CVE-2025-55366

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...

0.00294EPSS
Exploits1References2
Rows per page
Query Builder