9 matches found
CVE-2026-39322
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...
CVE-2026-34369
CVE-2026-34369 affects WWBN AVideo prior to patch be344206f2f461c034ad2f1c5d8212dd8a52b8c7. In versions up to 26.0, the get_api_video_file and get_api_video API endpoints return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video ...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of password verification for the get_api_video_file and get_api_video API endpoints, which...
CVE-2026-23480 Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, so any logged-in user can call it; the originalPassword is an optional parameter and if not provided...
EUVD-2026-9047
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...
Unverified Password Change
Overview: typo3/cms-setup allows users to edit a limited set of options for their user profile, including preferred language, their name and email address. Affected versions of this package are vulnerable to Unverified Password Change through the backend user management interface. An attacke...
CVE-2022-29270
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address...
PAX Technology PAXSTORE Authorization Issue Vulnerability
PAX Technology PAXSTORE is an application from PAX Inc. of China, an ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An access control error vulnerability exists in Pax Technology PAXSTORE version v7.0.820200511171508...
[NT] ignitionServer Server Linking Password Verification Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...