396 matches found
DB Elettronica Screen SFT DAB Security Vulnerability
DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which originates from an authentication bypass in the userManager.cgx endpoint, which could lead to passwor...
DB Elettronica Screen SFT DAB Authorization Issue Vulnerability
DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. An authorization issue vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which stems from a flaw in session management that could lead to password changes...
PT-2025-48739
Name of the Vulnerable Software and Affected Versions: Terminalfour versions 8 through 8.4.1.1. Description: The userLevel parameter within the user management function lacks sufficient server-side authorization checks. A Power User can manipulate this parameter to assign the Administrator role to...
CVE-2025-13615
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2025-13615 StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
WordPress plugin StreamTube Core Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...
PT-2025-48376
Name of the Vulnerable Software and Affected Versions: StreamTube Core plugin for WordPress versions up to and including 4.78. Description: The StreamTube Core plugin for WordPress is susceptible to Arbitrary User Password Change. This occurs because the plugin grants user-controlled access to...
PT-2025-48367
Name of the Vulnerable Software and Affected Versions: OrangeHRM versions 5.0 through 5.7. Description: OrangeHRM does not invalidate existing sessions when a user is disabled or a password change occurs, allowing active session cookies to remain valid indefinitely. This allows a disabled user, or a...
Millions at risk after nationwide CodeRED alert system outage and data breach
A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to change their passwords. CodeRED is used by local governments to deliver fast, targeted alerts during severe weather, evacuations,...
EUVD-2025-197620
Flowise Fails to Invalidate Existing Sessions After Password Changes...
SUSE CVE-2016-11069
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change...
EUVD-2025-38303
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
Summer Pearl Group Vacation Rental Management Platform Security Vulnerability
Summer Pearl Group Vacation Rental Management Platform is a vacation rental property management software platform from Summer Pearl Group, Greece. A security vulnerability exists in Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2, which stems from a password change...
PT-2025-43755
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The software ships with default credentials, potentially allowing for remote takeover. This impacts BLU-IC controllers. Recommendations: BLU-IC2 versions through 1.19.5...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
Mercku M6a Cross-Site Request Forgery Vulnerability
Mercku M6a is a WiFi router from Mercku USA. A cross-site request forgery vulnerability exists in Mercku M6a version 2.1.0 and earlier, which originates from allowing a cross-site request forgery attack to change passwords via the internal network...
EUVD-2025-35316
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
CVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via a crafted POST request to /getset.ccp...
Improper Session Invalidation
ethycafides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...
CVE-2025-6038
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...