43 matches found
CVE-2025-9521 Password Confirmation Bypass in Omada Controller
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2020-12067
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, a user's password may be changed by an attacker without knowledge of the current password...
CVE-2019-12742
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of an Insecure Direct Object Reference in bl-kernel/admin/controllers/user-password.php via a modified username POST parameter...
EUVD-2016-2400
Malware in sbrugna...
EUVD-2020-3081
Malware in sbrugna...
EUVD-2020-29038
Malware in sbrugna...
EUVD-2024-54062
Malicious code in bioql PyPI...
EUVD-2025-17458
Malicious code in bioql PyPI...
EUVD-2022-43264
Malicious code in bioql PyPI...
EUVD-2025-12119
Malicious code in bioql PyPI...
EUVD-2024-22188
Malicious code in bioql PyPI...
EUVD-2023-33505
Malicious code in bioql PyPI...
EUVD-2023-1883
Malicious code in bioql PyPI...
EUVD-2022-4451
Malicious code in bioql PyPI...
EUVD-2022-52272
Malicious code in bioql PyPI...
CVE-2025-9114 Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-40668
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in...
PT-2025-24428 · TCMAN · TCMAN's GIM
Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11
Description: The issue is related to an incorrect authorization vulnerability. This vulnerability allows an attacker with a low privilege level to change the password of other users through a POST request using the...
CVE-2025-48476
CVE-2025-48476 affects FreeScout (Laravel-based open source help desk). Root cause: when adding/editing user records via the fill() method, missing validation for the absence of the password field allows mass-assignment, enabling a user with edit rights to change another user’s password and then ...
CVE-2022-3930
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...