Lucene search
K

275 matches found

Cvelist
Cvelist
added yesterday20 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51041

Name of the Vulnerable Software and Affected Versions Branda plugin for WordPress versions prior to 3.4.30 Description The plugin is susceptible to privilege escalation through account takeover. This occurs because the software fails to properly validate a user's identity before updating a...

9.8CVSS6AI score0.00625EPSS
Exploits1References13
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-54103

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS0.00427EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 4:12 p.m.11 views

EUVD-2026-37910

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS5.4AI score0.00427EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 4:12 p.m.38 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS0.00427EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 2:20 p.m.57 views

CVE-2026-0647

The 1794-AENTR adapter (Rockwell Automation FLEX I/O dual‑port EtherNet/IP) has an improper authentication flaw in its embedded web server. An unauthenticated attacker can change the device web interface password by sending a crafted HTTP GET request to a specific endpoint, without prior authenti...

8.8CVSS5.3AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

5.9CVSS5.5AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.14 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

8.1CVSS0.00168EPSS
Exploits1References3
NVD
NVD
added 2026/05/04 6:16 p.m.10 views

CVE-2026-42084

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS0.00305EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Vulnerabilities exist in versions of OpenC3 COSMOS prior to 6.10.5 and 7.0.0-rc3. These vulnerabilities stem from the password change feature, which allows users to change their passwords using valid session tokens without providing...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that...

4.2CVSS5.8AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, etc. Versions prior to 1.5.14 and 1.6.14 of Roundcube Webmail had security vulnerabilities. These vulnerabilities were caused by improp...

4.2CVSS5.8AI score0.00243EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/27 12:30 a.m.4 views

CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.9AI score0.00277EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/27 12:30 a.m.6 views

EUVD-2026-16509

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/20 9:16 a.m.7 views

EUVD-2026-13653

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

8.6CVSS5.8AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 6:11 p.m.19 views

CVE-2026-27757 SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...

7.1CVSS0.00252EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/21 1:23 a.m.7 views

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8CVSS5.6AI score0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/21 1:23 a.m.9 views

EUVD-2026-3698

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8CVSS5.8AI score0.00354EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:51 p.m.11 views

CVE-2014-4716

Cross-site request forgery CSRF vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity...

6.8CVSS7.6AI score0.02278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:56 a.m.11 views

CVE-2018-4064

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the...

7.1CVSS6.7AI score0.16106EPSS
Exploits3References1
Rows per page
Query Builder