Lucene search
K

14 matches found

CVE
CVE
added 2026/05/25 10:15 a.m.23 views

CVE-2026-9449

Technical details about CVE-2026-9449 are not publicly available in the provided documents. Monitor for updates; no vendor/product/version specifics or remediation are disclosed here.

6.5CVSS6.4AI score0.00246EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 5:54 p.m.6 views

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36239

Summary The Web UI page that prompts a user to change their expired password was vulnerable to cross-site scripting XSS, because a URL parameter was used directly in HTML output without sanitization. An authenticated user with access to this page could inject arbitrary JavaScript. The impact was...

6.1CVSS5.8AI score0.00197EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.6 views

PHPGurukul e-Diary Management System 安全漏洞

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...

7.5CVSS6.8AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.11 views

CVE-2024-24818

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

5.9CVSS6.7AI score0.00615EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:59 a.m.7 views

CVE-2018-13313

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...

6.5CVSS6.9AI score0.01015EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.2 views

Online Blood Bank Management System SQL注入漏洞

Online Blood Bank Management System is an online blood bank management system. Itsourcecode Online Blood Bank Management System version 1.0 suffers from a SQL injection vulnerability that originates from changepwd.php containing an unknown function that causes SQL injection via the parameter...

9.8CVSS7.9AI score0.00851EPSS
Exploits1References5
OSV
OSV
added 2024/03/31 6:17 p.m.20 views

BIT-ESPOCRM-2024-24818

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

5.9CVSS5.6AI score0.00615EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.6 views

EspoCRM 安全漏洞

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM 8.1.1 and prior versions, which originates from a vulnerability that allows an attacke...

5.9CVSS6.6AI score0.00615EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.6 views

PT-2024-20584 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 8.1.2 Description: The issue allows an attacker to inject arbitrary IP or domain in the "Password Change" page, potentially redirecting the victim to a malicious page. This could lead to credential stealing or other...

5.9CVSS6.3AI score0.00615EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2023/08/22 7:16 p.m.6 views

CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

6.1CVSS6.1AI score0.00719EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/02/24 7:15 p.m.3 views

CVE-2018-13313

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...

6.5CVSS5.5AI score0.01015EPSS
Exploits1References4
Prion
Prion
added 2020/01/28 11:15 p.m.18 views

Cross site request forgery (csrf)

Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php...

6.8CVSS8.7AI score0.01548EPSS
Exploits5References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/08/22 12:0 a.m.3 views

The vulnerability of the password_change.cgi web interface of the system administration interface for UNIX-like operating systems, Webmin, allows a hacker to execute arbitrary code.

The vulnerability of the passwordchange.cgi web interface of the system administration interface for UNIX-like operating systems in Webmin is related to the improper elimination of special elements used in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code ...

10CVSS8.2AI score0.99766EPSS
Exploits37References6Affected Software1
CNVD
CNVD
added 2015/05/20 12:0 a.m.3 views

Brainworks Software XpanceNET /index.php/request_passwordChange SQL Injection Vulnerability

Brainworks Software XpanceNET is a WEB-based application. Brainworks Software XpanceNET /index.php/requestpasswordChange handles a SQL injection vulnerability in the UserID parameter, which allows remote attackers to exploit the vulnerability by submitting a specially crafted SQL query to...

8AI score
Exploits0References1
Rows per page
Query Builder