Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

189 matches found

Vulnrichment
Vulnrichmentadded last week3 views

CVE-2026-35676 phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

8.8CVSS5.8AI score0.00035EPSS
Exploits0References2
EUVD
EUVDadded last week4 views

EUVD-2026-32905

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

8.8CVSS5.8AI score0.00035EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded last week2 views

CVE-2026-35676

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

8.8CVSS5.8AI score0.00035EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.6 views

PT-2026-44385

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

8.8CVSS5.8AI score0.00035EPSS
Exploits0References3
Snyk
Snykadded 2026/05/20 3:46 p.m.4 views

Weak Password Recovery Mechanism for Forgotten Password

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword process. An attacker can gain unauthorized access to any user account,...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/27 5:30 p.m.0 views

CVE-2026-7144 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00035EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/27 5:30 p.m.0 views

CVE-2026-7144

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00035EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/04/27 5:30 p.m.32 views

CVE-2026-7144 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00035EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/27 12:0 a.m.1 views

PT-2026-35499

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update passwd process.php. The manipulation of the argument temp user results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS4.9AI score0.00035EPSS
Exploits0References8
EUVD
EUVDadded 2026/04/24 12:31 a.m.1 views

EUVD-2026-25360

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS5.8AI score0.0005EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/04/24 12:0 a.m.3 views

SenseLive X3050 安全漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability, which stems from the unreliable application of password updates. This vulnerability may cause the system to continue...

9.3CVSS5.8AI score0.0005EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/23 11:52 p.m.1 views

CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS5.3AI score0.0005EPSS
Exploits0References3
CVE
CVEadded 2026/03/18 9:46 p.m.6 views

CVE-2026-32943

Parse Server prior to versions 9.6.0-alpha.28 and 8.6.48 did not enforce single-use for password-reset tokens, allowing a token to be consumed by concurrent requests. An attacker with an intercepted token could race a legitimate reset request, potentially changing a target account’s password. Sta...

3.1CVSS5.8AI score0.00012EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/03/04 6:16 p.m.2 views

CVE-2019-25506

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

9.8CVSS0.00351EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/04 5:15 p.m.23 views

CVE-2019-25506 FreeSMS 2.1.2 Authentication Bypass via SQL Injection

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

8.8CVSS0.00351EPSS
Exploits1References2
CVE
CVEadded 2026/03/04 5:15 p.m.4 views

CVE-2019-25506

CVE-2019-25506 affects FreeSMS 2.1.2. The vulnerability is a boolean-based blind SQL injection in the password parameter that enables unauthenticated attackers to bypass authentication by injecting SQL through the login endpoint ( /pages/crc_handler.php?method=login ), allowing login as any known...

9.8CVSS6AI score0.00351EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/02/19 6:49 a.m.12 views

CVE-2026-1994

The CVE concerns the WordPress s2Member plugin (versions up to 260127). The root cause is that the plugin does not properly validate a user’s identity before updating their password, enabling unauthenticated attackers to change arbitrary user passwords, including administrators, via account takeo...

9.8CVSS5.7AI score0.00103EPSS
In wildExploits0References3
CNNVD
CNNVDadded 2026/02/19 12:0 a.m.3 views

WordPress plugin s2Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.8CVSS5.8AI score0.00103EPSS
Exploits0References3
OSV
OSVadded 2026/02/17 6:9 p.m.2 views

GO-2026-4475 File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser

File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser...

5.4CVSS5.5AI score0.00017EPSS
Exploits1References4
OSV
OSVadded 2026/02/10 12:22 a.m.2 views

GHSA-HXW8-4H9J-HQ2R File Browser has an Authentication Bypass in User Password Update

Security Advisory: Authentication Bypass in User Password Update Summary A case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change any user's password without providing the current password. By using Title Case field name...

5.4CVSS5.7AI score0.00017EPSS
Exploits1References5
Rows per page
Query Builder