Lucene search
+L

289 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29708

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01373EPSS
Exploits1References4
NVD
NVD
added 2025/08/27 2:15 p.m.5 views

CVE-2025-56694

Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...

5.8CVSS0.00363EPSS
Exploits1References3
OSV
OSV
added 2025/08/27 2:15 p.m.5 views

CVE-2025-56694

Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...

5.8CVSS5.8AI score0.00363EPSS
Exploits1References3
CVE
CVE
added 2025/08/27 12:0 a.m.21 views

CVE-2025-56694

The CVE-2025-56694 affects lumasoft fotoShare Cloud (version 2025-03-13). The vulnerability is a client-side password validation issue (CWE-602) that could allow unauthenticated attackers to view password-protected photo albums. Root cause appears to be improper client-side validation. CVSS v3.1 ...

5.8CVSS6.8AI score0.00363EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.3 views

lumasoft fotoShare Cloud 安全漏洞

Lumasoft FotoShare Cloud is a cloud-based gallery service from Lumasoft. A security vulnerability exists in lumasoft fotoShare Cloud version 2025-03-13, which stems from improper client-side password validation and could lead to unauthorized access...

5.8CVSS6.8AI score0.00363EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/08/21 12:26 a.m.11 views

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

9.8CVSS7.3AI score0.00475EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/19 12:0 a.m.6 views

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

7.2AI score0.00475EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.7 views

Plesk Obsidian 安全漏洞

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian version 18.0.70, which stems from the use of the == comparison by isAdminPasswordValid and could lead to bypassing authentication...

9.8CVSS6.7AI score0.00475EPSS
Exploits0References4
CVE
CVE
added 2025/08/19 12:0 a.m.213 views

CVE-2025-54336

CVE-2025-54336 (Plesk Obsidian 18.0.70) is a vulnerability where _isAdminPasswordValid uses a weak == comparison in admin/plib/LoginManager.php, enabling authentication bypass if the correct password has the form "0e" followed by digits. This can let an attacker log in with strings evaluating to ...

9.8CVSS7.2AI score0.00475EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:45 a.m.7 views

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

8.8CVSS7AI score0.00681EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.4 views

CVE-2023-41972

In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later...

7.3CVSS7.1AI score0.00236EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.7 views

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

6.5CVSS8.7AI score0.00737EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.9 views

CVE-2023-21252

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.1AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.9 views

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...

9.8CVSS7.2AI score0.01169EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.11 views

CVE-2020-20402

Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation...

7.5CVSS6.7AI score0.00749EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:31 a.m.7 views

CVE-2012-2368

Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password...

5CVSS7.4AI score0.01504EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.6 views

ABB ANC 安全漏洞

ABB ANC ABB Adaptive Noise Cancellation is an industrial-grade adaptive noise cancellation system from ABB Switzerland for real-time cancellation of noise in specific frequency bands generated by equipment such as motors/transformers. A security vulnerability exists in ABB ANC version 1.1.4 and...

2.6CVSS6.8AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 4:22 p.m.15 views

CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...

9.3CVSS0.00521EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 6:15 a.m.101 views

CVE-2025-22228

BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

7.4CVSS0.00568EPSS
Exploits0References2
NVD
NVD
added 2025/03/07 9:15 a.m.15 views

CVE-2024-12876

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible fo...

9.8CVSS0.00417EPSS
Exploits0References2
Rows per page
Query Builder