
9 matches found

ATTACKERKB
added 2026/04/07 7:3 p.m. | 4 views

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

9.2 CVSS | 5.9 AI score | 0.00239 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/03/27 6:13 p.m. | 14 views

CVE-2026-34369

CVE-2026-34369 affects WWBN AVideo prior to patch be344206f2f461c034ad2f1c5d8212dd8a52b8c7. In versions up to 26.0, the get_api_video_file and get_api_video API endpoints return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video ...

5.3 CVSS | 5.9 AI score | 0.00376 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/03/27 12:0 a.m. | 6 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of password verification for the getapivideofile and getapivideo API endpoints, which...

5.3 CVSS | 5.8 AI score | 0.00376 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/23 8:39 p.m. | 4 views

CVE-2026-23480 Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, so any logged-in user can call it; the originalPassword is an optional parameter and if not provided...

5.3 CVSS | 5.8 AI score | 0.00343 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/02/27 9:31 p.m. | 6 views

EUVD-2026-9047

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...

7.1 CVSS | 5.9 AI score | 0.00252 EPSS
Exploits: 0 | References: 3
Snyk
added 2025/05/20 2:43 p.m. | 2 views

Unverified Password Change

Overview: typo3/cms-setup is a package that allows users to edit a limited set of options for their user profile, including preferred language, their name and email address. Affected versions of this package are vulnerable to Unverified Password Change through the backend user management interface. An attacke...

5.1 CVSS | 6.9 AI score | 0.0024 EPSS
Exploits: 0 | References: 2
OSV
added 2022/06/29 1:15 a.m. | 6 views

CVE-2022-29270

In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address...

4.3 CVSS | 5.8 AI score | 0.02275 EPSS
Exploits: 0 | References: 4
CNNVD
added 2021/05/07 12:0 a.m. | 7 views

PAX Technology PAXSTORE Authorization Issue Vulnerability

PAX Technology PAXSTORE is an application from China PAX Inc., an ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An access control error vulnerability exists in Pax Technology PAXSTORE version v7.0.820200511171508...

7.1 CVSS | 5.7 AI score | 0.00939 EPSS
Exploits: 1 | References: 3
securityvulns
added 2004/06/18 12:0 a.m. | 46 views

[NT] ignitionServer Server Linking Password Verification Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

0.2 AI score
Exploits: 0