397 matches found
PT-2025-10458
Name of the Vulnerable Software and Affected Versions: HotelDruid version 3.0.7 Description: A CSRF issue in the "gestione utenti.php" endpoint allows attackers to perform unauthorized actions, such as modifying user passwords, on behalf of authenticated users. This is due to the lack of origin o...
CVE-2024-13513
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...
The vulnerability of the authentication mechanism for microprogramming software on the Tenda AC1200 Smart router allows an intruder to gain unauthorized access to the device.
The vulnerability of the authentication mechanism for Tenda AC1200 Smart microprogramming software is related to the lack of necessary checks during password changes. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device by sending a...
CVE-2024-11350
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforestresetpassword function. This makes it...
CVE-2024-11103
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...
WordPress plugin Miniorange OTP Verification with Firebase Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress UltimateAI plugin <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability
Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability discovered by István Márton in WordPress Plugin UltimateAI versions <= 2.8.3...
The software’s vulnerability regarding centralized device management by Fortinet FortiManager and the network firewall FortiAnalyzer is related to the lack of necessary checks during password changes. This allows attackers to alter administrator passwords.
The vulnerability of the software for centralized device management of Fortinet’s FortiManager and FortiAnalyzer devices stems from the lack of necessary checks during password changes. Exploiting this vulnerability allows a hacker to alter administrator passwords...
MegaBIP Security Vulnerabilities
MegaBIP is a software used to create BIP websites. A security vulnerability exists in MegaBIP 5.09 and earlier versions that stems from the presence of a SQL injection vulnerability that allows an attacker to gain site administrator privileges, including access to the administration panel and the...
The vulnerability of the platform for monitoring, managing, and improving LLM applications arises from the lack of a password recovery mechanism, allowing attackers to use the token for repeatedly changing user passwords.
The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to the lack of a password recovery mechanism. Exploiting this vulnerability allows an attacker who operates remotely to use the token for repeatedly changing user passwords...
CVE-2024-33753
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization...
Section Camera Security Vulnerability
Section Camera is a series of cameras from Section. A security vulnerability exists in Section Camera version V2.5.5.3116-S50-SMA-B20160811 and prior versions, which stems from a vulnerability that allows unauthorized changes to administrator and user accounts and passwords...
Puwell Cloud Tech 360Eyes Pro Security Vulnerability
Puwell Cloud Tech 360Eyes Pro is a home-oriented surveillance camera mobile platform application from Puwell Cloud Tech. A security vulnerability exists in the Puwell Cloud Tech 360Eyes Pro v3.9.5.16 3090516 version, which stems from a vulnerability that allows an attacker to intercept and access...
USN-6687-1 accountsservice vulnerability
It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords...
CVE-2024-23637 OctoPrint Unverified Password Change via Access Control Settings
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
CVE-2023-47577
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password...
CVE-2023-47577
CVE-2023-47577 affects Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0. The root cause is lack of current-password verification when changing passwords, enabling unauthorized changes. CVSSv3.1 base score is 9.8 (CRITICAL) with Network attack vector, Low attack complexity, Privileges Required: None, U...
CVE-2023-44374
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...
PT-2023-29989 · Loytec · Liob-588 +6
Name of the Vulnerable Software and Affected Versions: LOYTEC LINX-151 affected versions not specified LOYTEC LINX-212 version 6.2.4 LOYTEC LVIS-3ME12-A1 version 6.2.2 LOYTEC LIOB-586 version 6.2.3 LOYTEC LIOB-580 V2 affected versions not specified LOYTEC LIOB-588 affected versions not specified...