284 matches found

CNNVD | added 2025/08/27 12:00 a.m.

lumasoft fotoShare Cloud security vulnerability

Lumasoft FotoShare Cloud is a cloud-based gallery service from Lumasoft. A security vulnerability exists in lumasoft fotoShare Cloud version 2025-03-13, which stems from improper client-side password validation and could lead to unauthorized access...

CVSS 5.8 | AI score 6.8 | EPSS 0.00363 | Exploits 1 | References 4
RedhatCVE | added 2025/08/21 12:26 a.m.

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can log in with any other string that evaluates to 0.0, such as the string 0e0. This occurs in admin/plib/LoginManager.php...

CVSS 9.8 | AI score 7.3 | EPSS 0.00475 | Exploits 0 | References 1
CVE | added 2025/08/19 12:00 a.m.

CVE-2025-54336

CVE-2025-54336 (Plesk Obsidian 18.0.70) is a vulnerability where _isAdminPasswordValid uses a weak == comparison in admin/plib/LoginManager.php, enabling authentication bypass if the correct password has the form "0e" followed by digits. This can let an attacker log in with strings evaluating to ...

CVSS 9.8 | AI score 7.2 | EPSS 0.00475 | Exploits 0 | References 3
CNNVD | added 2025/08/19 12:00 a.m.

Plesk Obsidian security vulnerability

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian version 18.0.70, which stems from the use of the == comparison in isAdminPasswordValid and could lead to an authentication bypass...

CVSS 9.8 | AI score 6.7 | EPSS 0.00475 | Exploits 0 | References 4
Vulnrichment | added 2025/08/19 12:00 a.m.

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can log in with any other string that evaluates to 0.0, such as the string 0e0. This occurs in admin/plib/LoginManager.php...

AI score 7.2 | EPSS 0.00475 | Exploits 0 | References 3
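Why the == comparison behind CVE-2025-54336 fails, as an added illustration (this is not Plesk's code and not taken from any of the advisories above): in PHP 8, when both operands of == are numeric strings they are compared as numbers, so a stored password of the form "0e" followed by digits is numerically 0.0 and "equals" any other string with value 0.0. The Python below models that rule; the is_numeric_string regex is a simplified assumption about PHP's numeric-string grammar, the stored value is constructed, and safe_is_admin_password_valid shows the fix (a strict, constant-time byte comparison, the PHP equivalent being hash_equals()).

```python
import hmac
import re

# Simplified model of a PHP "numeric string": optional whitespace, sign,
# digits with optional fraction and exponent. This is an assumption of the
# example, not PHP's actual parser, but it covers the "0e<digits>" shape the
# advisory describes.
_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*$")


def is_numeric_string(s: str) -> bool:
    return bool(_NUMERIC.match(s))


def php_loose_equals(a: str, b: str) -> bool:
    """Model of PHP 8 `$a == $b` for two strings: two numeric strings are
    compared as numbers, any other pair is compared byte-for-byte."""
    if is_numeric_string(a) and is_numeric_string(b):
        return float(a) == float(b)
    return a == b


def vulnerable_is_admin_password_valid(stored: str, supplied: str) -> bool:
    # The pattern the advisory describes: `==` between the expected value
    # and attacker-controlled input.
    return php_loose_equals(stored, supplied)


def safe_is_admin_password_valid(stored: str, supplied: str) -> bool:
    # Strict byte comparison in constant time (PHP: hash_equals()).
    return hmac.compare_digest(stored.encode("utf-8"), supplied.encode("utf-8"))


def magic_candidates(stored: str, candidates) -> list:
    """Return the candidate strings that the loose check accepts for `stored`
    even though they are not byte-equal to it."""
    return [
        c for c in candidates
        if c != stored and vulnerable_is_admin_password_valid(stored, c)
    ]


if __name__ == "__main__":
    # Constructed "0e" + digits value standing in for the correct password.
    stored = "0e462097431906509019562988736854"
    probes = ["0e0", "0", "0e999", "00", "0.0", "1e0", "abc", " 0 "]
    print("accepted by ==      :", magic_candidates(stored, probes))
    print("accepted by strict  :",
          [p for p in probes if safe_is_admin_password_valid(stored, p)])
```

Every probe whose numeric value is 0.0 passes the loose check; only the exact stored bytes pass the strict one. Note that the same loose comparison bites hash comparison too (an md5 or sha1 hex digest beginning with "0e" and containing only digits after it is numeric), so the fix is a strict comparison, not a longer password.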
RedhatCVE | added 2025/05/23 4:45 a.m.

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy-to-guess password. This issue is resolved by providing defaults for the...

CVSS 8.8 | AI score 7 | EPSS 0.00681 | Exploits 0 | References 1
RedhatCVE | added 2025/05/23 4:18 a.m.

CVE-2023-41972

In some rare cases, a password-type validation is missing in the Revert Password check, and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later...

CVSS 7.3 | AI score 7.1 | EPSS 0.00236 | Exploits 0
RedhatCVE | added 2025/05/23 3:00 a.m.

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

CVSS 6.5 | AI score 8.7 | EPSS 0.00737 | Exploits 2 | References 1
RedhatCVE | added 2025/05/23 2:50 a.m.

CVE-2023-21252

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 6.1 | EPSS 0.00106 | Exploits 0 | References 1
RedhatCVE | added 2025/05/22 6:50 p.m.

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...

CVSS 9.8 | AI score 7.2 | EPSS 0.01169 | Exploits 0
RedhatCVE | added 2025/05/22 3:18 p.m.

CVE-2020-20402

Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation...

CVSS 7.5 | AI score 6.7 | EPSS 0.00749 | Exploits 1
RedhatCVE | added 2025/05/22 5:31 a.m.

CVE-2012-2368

Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password...

CVSS 5 | AI score 7.4 | EPSS 0.01504 | Exploits 1 | References 1
CNNVD | added 2025/04/30 12:00 a.m.

ABB ANC security vulnerability

ABB ANC (ABB Adaptive Noise Cancellation) is an industrial-grade adaptive noise cancellation system from ABB Switzerland for real-time cancellation of noise in specific frequency bands generated by equipment such as motors and transformers. A security vulnerability exists in ABB ANC version 1.1.4 and...

CVSS 2.6 | AI score 6.8 | EPSS 0.00157 | Exploits 0 | References 1
Cvelist | added 2025/03/27 4:22 p.m.

CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...

CVSS 9.3 | EPSS 0.00521 | Exploits 1 | References 1
NVD | added 2025/03/20 6:15 a.m.

CVE-2025-22228

BCryptPasswordEncoder.matches(CharSequence, String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

CVSS 7.4 | EPSS 0.00568 | Exploits 0 | References 2
NVD | added 2025/03/07 9:15 a.m.

CVE-2024-12876

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible fo...

CVSS 9.8 | EPSS 0.00417 | Exploits 0 | References 2
RedhatCVE | added 2025/02/06 4:05 a.m.

CVE-2021-40409

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. Th...

CVSS 9.8 | AI score 7.4 | EPSS 0.03657 | Exploits 1 | References 3
RedhatCVE | added 2025/02/05 10:29 a.m.

CVE-2024-12402

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8 | AI score 7.2 | EPSS 0.00592 | Exploits 0 | References 1
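The WeGIA (CVE-2025-30361), Golo (CVE-2024-12876) and Themes Coder (CVE-2024-12402) entries above share one shape: a password-change endpoint that takes the target account and new password from the request without binding the change to the authenticated user or demanding the current password; Kiwi TCMS (CVE-2023-22451) adds the missing strength policy. The following Python is an added example, not code from any of those projects, that places that vulnerable pattern beside a hardened handler. The in-memory user store, the PBKDF2 parameters, the request dictionary shape and the 12-character minimum are all constructed assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory credential store for this example: {username: (salt, hash)}.
USERS: dict = {}

# Assumed KDF parameters (kept modest so the example runs quickly).
_ITERATIONS = 100_000
_MIN_LENGTH = 12


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def add_user(username: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[username] = (salt, _derive(password, salt))


def verify_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Burn a derivation anyway so response time does not reveal unknown users.
        _derive(password, b"\x00" * 16)
        return False
    salt, expected = record
    return hmac.compare_digest(_derive(password, salt), expected)


def vulnerable_change_password(request: dict) -> bool:
    """The pattern behind the advisories: target user and new password come
    straight from the request; nobody checks who is logged in or whether the
    caller knows the current password."""
    target = request["target_user"]
    if target not in USERS:
        return False
    add_user(target, request["new_password"])
    return True


def safe_change_password(session_user: str, request: dict) -> bool:
    """Bind the change to the authenticated session, prove the current
    password, and apply a minimum strength policy before storing anything."""
    target = request["target_user"]
    if target != session_user:
        return False  # no cross-account changes, whatever the request says
    if not verify_password(target, request.get("current_password", "")):
        return False  # old password must be proven (the WeGIA gap)
    if len(request["new_password"]) < _MIN_LENGTH:
        return False  # minimal policy (the Kiwi TCMS gap)
    add_user(target, request["new_password"])
    return True


if __name__ == "__main__":
    add_user("alice", "correct horse battery")
    add_user("admin", "s3cret-admin-pass-word")
    # Attacker logged in as alice targets admin: vulnerable handler complies.
    print(vulnerable_change_password({"target_user": "admin", "new_password": "pwned-pwned-pwned"}))
    # Hardened handler refuses the same request from alice's session.
    print(safe_change_password("alice", {"target_user": "admin", "new_password": "pwned-pwned-pwned"}))
```

The identity binding comes from the server-side session, never from a user id or username in the request body; the request field is only checked for agreement with it.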
OSV | added 2024/12/19 6:15 a.m.

CVE-2024-11768

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download...

CVSS 5.3 | AI score 5.8 | EPSS 0.00333 | Exploits 0 | References 2
CVE | added 2024/12/19 5:24 a.m.

CVE-2024-11768

CVE-2024-11768 affects the WordPress Download Manager plugin and arises from improper password validation in the checkFilePassword function, impacting all versions up to 3.3.03. An unauthenticated attacker can download password-protected files due to this flaw. The vulnerability is specific to th...

CVSS 5.3 | AI score 5.3 | EPSS 0.00333 | Exploits 0 | References 2 | Affected Software 1