210 matches found
CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
CVE-2025-60954 affects Microweber CMS 2.0, where the password reset flow enforces no minimum length or complexity, allowing extremely weak (even single-character) passwords and risking account compromise, including admin accounts. The vulnerability surface is the password reset process in Microwe...
PT-2025-43670
Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0 Description The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
External Control of System or Configuration Setting
Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the post function in the web/views.py file'. An attacker can gain unauthorized access to user accounts by crafting a...
EUVD-2017-17076
Malware in sbrugna...
EUVD-2025-27545
Malicious code in bioql PyPI...
EUVD-2022-41826
Malicious code in bioql PyPI...
CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...
Incorrect User Management
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect User Management due to allowing multiple accounts connected to the same email address. An attacker can cause account ambiguity by registering...
formbricks 数据伪造问题漏洞
formbricks is an open source survey system from Formbricks. A data forgery issue vulnerability exists in versions prior to formbricks 4.0.1 that stems from a lack of JWT signature validation, which could lead to arbitrary JWT forgery and password resets...
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat...
More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw
TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system. TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim's Android phone. It then monitors that phone's...
PT-2025-34740
Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 4.0.6 Description: The Dokan Pro plugin for WordPress is susceptible to privilege escalation via account takeover. The issue stems from insufficient user identity validation during staff password resets, allowing...
CVE-2025-55366
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...
CVE-2025-55366
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...
CVE-2025-55366
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...